{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1342", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "REJECTED", "assignerShortName": "redhat", "dateReserved": "2024-02-07T22:26:19.404Z", "datePublished": "2024-02-16T15:20:53.354Z", "dateUpdated": "2024-10-14T22:00:07.768Z", "dateRejected": "2024-10-14T22:00:07.768Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "Unable to reproduce."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-10-14T22:00:07.768Z"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1342", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "REJECTED", "assignerShortName": "redhat", "dateReserved": "2024-02-07T22:26:19.404Z", "datePublished": "2024-02-16T15:20:53.354Z", "dateUpdated": "2024-10-14T22:00:07.768Z", "dateRejected": "2024-10-14T22:00:07.768Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "Unable to reproduce."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-10-14T22:00:07.768Z"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: Unable to reproduce."}], "id": "CVE-2024-1342", "lastModified": "2024-10-14T22:15:03.180", "metrics": {}, "published": "2024-02-16T16:15:57.543", "references": [], "sourceIdentifier": "[email protected]", "vulnStatus": "Rejected"}

{"acknowledgement": "Red Hat would like to thank Cyber Controls team (SIX Group) for reporting this issue.", "bugzilla": {"description": "openshift: existing Cross-Site Request Forgery protection insufficient for WebSocket creation", "id": "2259960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259960"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-352", "details": ["A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF."], "name": "CVE-2024-1342", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1342\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1342"], "statement": "While this CVE has been rejected and is no longer considered a vulnerability, Red Hat has updated the default CSRF protection for the Openshift Web Console to `SameSite: Strict` as a security hardening opportunity.", "threat_severity": "Moderate"}