A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.
History

Tue, 03 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-07-26T13:34:19.647Z

Updated: 2024-12-03T19:25:43.270Z

Reserved: 2024-07-26T10:55:18.431Z

Link: CVE-2024-7128

cve-icon Vulnrichment

Updated: 2024-08-01T21:52:30.646Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-26T14:15:03.573

Modified: 2024-11-21T09:50:55.230

Link: CVE-2024-7128

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-26T00:00:00Z

Links: CVE-2024-7128 - Bugzilla