| Assigner | redhat |
| Reserved | 2024-01-31 |
| Published | 2024-04-25 |
| Updated | 2024-09-23 |
Description
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
| HIGH: 7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Problem types
Exposure of Sensitive Information to an Unauthorized Actor
Product status
Default status
unaffected
Any version
affected
Default status
affected
v4.12.0-202405091536.p0.g8906207.assembly.stream.el8 before *
unaffected
Default status
affected
v4.13.0-202404200313.p0.gb518881.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf350a68.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gcafed17.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gafffdd4.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ge79d817.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g1a5e72f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2dbe78f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g46dedc6.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gd8cf3c9.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g46dedc6.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gad85376.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8ba0b37.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404170009.p0.g3dc363d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8853e6e.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g27f105d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g3362d67.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g607e2dd.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g54a95bd.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2e2e277.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g95bcf9a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gad7aa0a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf0e7cbb.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf0e7cbb.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7ad2773.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb19eec1.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9189357.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g354c55d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf401f53.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g43a15be.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g78da43a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gfb20cda.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g937b5fd.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g13046b3.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga687275.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gae83c55.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9203d4d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9d87281.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g5d436c6.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g270579c.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g93fba13.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb4c4fb1.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb4c4fb1.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g33a706e.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g91fa980.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g074a22c.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404170009.p0.gd4a1162.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g5553a22.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g74f5363.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gd139e6b.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gd876f5a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404171239.p0.g2eab0f9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb287d08.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g4e05963.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g33f630d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9cd9922.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g711b4f6.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404170009.p0.g1839fb4.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gd429c8b.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404171239.p0.g88d3f42.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404171239.p0.g88d3f42.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g0dbbb61.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8bd8602.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g3985c55.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g08fb27e.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g219f6f6.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g61a3465.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gaab7b5b.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gaf210dc.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g716a0c3.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf6b13c7.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g855f3fc.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7295a5e.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7d3fa77.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g697083a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gd93a218.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ge1dd453.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gc273cd5.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9232c1f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9232c1f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g06e8ce0.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g06e8ce0.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g78a710f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g78a710f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g59a701a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g59a701a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga683453.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga683453.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga9bcbde.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga9bcbde.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9dcaa7f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9dcaa7f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga683453.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga683453.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga683453.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9c104de.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb31bf58.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404171239.p0.gb0c0321.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g09e96a9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gd99fb31.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g95d55a0.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8a626fe.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb3af193.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7bee54d.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404170009.p0.g96b62a5.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g004ecde.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g446871f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gc28b223.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7fd94aa.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g02471d9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g44a2b94.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2a6627b.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g1c0ecea.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g78da43a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g78da43a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g264fa5c.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7b56c30.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7296ed5.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gc038d5a.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g801a912.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g1a9befc.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g1a646b9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gdb0c549.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8558e14.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7d96f56.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8926a29.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404170009.p0.g8926a29.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g34dfccb.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g27f5650.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ge292817.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8666a36.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga676e6b.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8985876.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7c0025b.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gd3a4a6c.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g5e74b0f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g823eb51.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gcd6eae1.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g078aee5.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g13aebf7.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g833e1de.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g29f61f6.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g69d0021.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gbc56886.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g6f50b1a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8f5c90c.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga4a2f27.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g35f4739.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga333cb0.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gfb6fb27.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2287fb2.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g9e9b51d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g27209ef.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gdff4b0f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g697083a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g3a74316.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g697083a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gdcfcfb3.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga367cea.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gdcfcfb3.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g5d70863.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2fdbd1b.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2fdbd1b.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2fdbd1b.assembly.stream.el9 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7bee54d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g7436369.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g8ecfd7f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g32c1028.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g1a957da.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb7c61bc.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ge372516.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga4b845a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g5ee0a9d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga4b845a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga4b845a.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gaf40ed0.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g1a9befc.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g3c3f82f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gc683f65.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf066e57.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga267125.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf7b14a9.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g5d5105f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga5ed57f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gb04567f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g72e998c.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g5d5105f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga5ed57f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.ga5ed57f.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gece171d.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf21b470.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.gf21b470.assembly.stream.el8 before *
unaffected
Default status
affected
v4.14.0-202404161544.p0.g2fa33aa.assembly.stream.el8 before *
unaffected
Default status
affected
v4.15.0-202404161612.p0.g00d04f5.assembly.stream.el9 before *
unaffected
Default status
unaffected
Default status
unaffected
Default status
unaffected
Default status
unaffected
Default status
unaffected
Default status
unknown
Timeline
| 2024-01-31: | Reported to Red Hat. |
| 2024-04-03: | Made public. |
Credits
Red Hat would like to thank Calvinna Caswara (noris network AG) and Patrick Gress (noris network AG) for reporting this issue.
References
https://access.redhat.com/errata/RHSA-2024:1887 (RHSA-2024:1887) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:1891 (RHSA-2024:1891) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:2047 (RHSA-2024:2047) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:2782 (RHSA-2024:2782) vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-1139 vdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=2262158 (RHBZ#2262158) issue-tracking
cve.org CVE-2024-1139
nvd.nist.gov CVE-2024-1139
Download JSON
Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.
