We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | redhat |
Reserved | 2024-07-26 |
Published | 2024-07-26 |
Updated | 2024-09-18 |
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Exposure of Sensitive Information to an Unauthorized Actor
2024-07-26: | Reported to Red Hat. |
2024-07-26: | Made public. |
This issue was discovered by Thibault Guittet (Red Hat).
https://access.redhat.com/security/cve/CVE-2024-7128
https://bugzilla.redhat.com/show_bug.cgi?id=2300037 (RHBZ#2300037)