CVE-2024-7079 Vulnerability Details

  /     /     /  

CVE-2024-7079 Metadata Quick Info

CVE Published: 24/07/2024 | CVE Updated: 03/12/2024 | CVE Year: 2024
Source: redhat | Vendor: Red Hat | Product: Red Hat OpenShift Container Platform 3.11
Status : PUBLISHED

---

CVE-2024-7079 Description

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user\'s credentials. As a result, unauthenticated users can access this endpoint.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-306
CWE Name: Missing Authentication for Critical Function
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).