A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
Metrics
Affected Vendors & Products
References
History
Mon, 11 Nov 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift_distributed_tracing:3 |
Mon, 30 Sep 2024 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 19 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift:4.12::el9 |
|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-06-05T18:03:23.194Z
Updated: 2024-11-24T17:17:04.382Z
Reserved: 2024-05-16T22:03:32.375Z
Link: CVE-2024-5037
Vulnrichment
Updated: 2024-08-01T21:03:10.506Z
NVD
Status : Modified
Published: 2024-06-05T18:15:11.747
Modified: 2024-11-21T09:46:49.777
Link: CVE-2024-5037
Redhat