A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
History

Mon, 11 Nov 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_distributed_tracing:3

Mon, 30 Sep 2024 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
cpe:/a:redhat:openshift:4.12::el9
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-06-05T18:03:23.194Z

Updated: 2024-11-24T17:17:04.382Z

Reserved: 2024-05-16T22:03:32.375Z

Link: CVE-2024-5037

cve-icon Vulnrichment

Updated: 2024-08-01T21:03:10.506Z

cve-icon NVD

Status : Modified

Published: 2024-06-05T18:15:11.747

Modified: 2024-11-21T09:46:49.777

Link: CVE-2024-5037

cve-icon Redhat

Severity : Important

Publid Date: 2024-06-05T17:51:00Z

Links: CVE-2024-5037 - Bugzilla