A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:migration_toolkit_virtualization:2.6::el8 cpe:/a:redhat:migration_toolkit_virtualization:2.6::el9 |
|
References |
|
Fri, 06 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 06 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information. | |
Title | Migration toolkit for virtualization: forklift-controller: empty bearer token may perform authentication | |
First Time appeared |
Redhat
Redhat migration Toolkit Virtualization |
|
Weaknesses | CWE-285 | |
CPEs | cpe:/a:redhat:migration_toolkit_virtualization:2 | |
Vendors & Products |
Redhat
Redhat migration Toolkit Virtualization |
|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-06T15:17:49.225Z
Updated: 2024-12-27T14:17:54.675Z
Reserved: 2024-09-06T12:47:08.205Z
Link: CVE-2024-8509
Vulnrichment
Updated: 2024-09-06T15:33:08.837Z
NVD
Status : Awaiting Analysis
Published: 2024-09-06T16:15:03.583
Modified: 2024-09-09T19:15:14.837
Link: CVE-2024-8509
Redhat