CVE-2024-7079

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7079

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7079.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7079

Published

2024-07-24T16:15:07Z

Modified

2025-02-19T03:38:53.165716Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.

References

Affected packages

Git / github.com/openshift/telemeter

Affected ranges

Type: GIT
Repo: https://github.com/openshift/telemeter
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

465bdd9c8b8e4449a63b20dea82cbd4728b2fb2c

Affected versions

v3.*

v3.11.0