CVE-2024-7079

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 24, 2024
Updated: Jul 26, 2024
CWE ID 306

Summary

CVE-2024-7079 is a vulnerability affecting the OpenShift console's /API/helm/verify endpoint. This endpoint is responsible for fetching and verifying Helm chart installations from remote HTTP/HTTPS or local sources. Contrary to its name, the authHandlerWithUser() middleware function, which is supposed to verify user credentials, does not do so. As a result, unauthenticated users can access this endpoint, potentially leading to security risks.

Affected Products

  • Red Hat OpenShift Container Platform

Affected Vendors

  • Red Hat