A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.
History
Tue, 03 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-07-26T13:34:19.647Z
Updated: 2024-12-03T19:25:43.270Z
Reserved: 2024-07-26T10:55:18.431Z
Link: CVE-2024-7128
Vulnrichment
Updated: 2024-08-01T21:52:30.646Z
NVD
Status: Awaiting Analysis
Published: 2024-07-26T14:15:03.573
Modified: 2024-11-21T09:50:55.230
Link: CVE-2024-7128