A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
History

Thu, 19 Sep 2024 06:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Thu, 19 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Sep 2024 09:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-07-24T15:51:36.331Z

Updated: 2024-12-03T20:22:49.051Z

Reserved: 2024-07-24T13:29:26.277Z

Link: CVE-2024-7079

cve-icon Vulnrichment

Updated: 2024-08-01T21:52:30.604Z

cve-icon NVD

Status : Modified

Published: 2024-07-24T16:15:07.613

Modified: 2024-11-21T09:50:50.600

Link: CVE-2024-7079

cve-icon Redhat

Severity : Important

Publid Date: 2024-07-24T00:00:00Z

Links: CVE-2024-7079 - Bugzilla