CVE-2024-7079
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jul 24, 2024
Updated: Jul 26, 2024
CWE ID 306
Summary
CVE-2024-7079 is a vulnerability affecting the OpenShift console's /API/helm/verify endpoint. This endpoint fetches and verifies Helm chart installations from remote HTTP/HTTPS or local sources. Despite its name, the authHandlerWithUser() middleware function, which is supposed to verify user credentials, does not actually verify them. As a result, unauthenticated users can access this endpoint, which may lead to security risks.
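The flaw class described above (CWE-306), as an added Go example that is not the OpenShift console's code: a middleware that hands a user object to the handler without checking the credential, beside a version that rejects the request, plus a helper a regression test can assert on. Every name except the endpoint path is hypothetical, and the `validate` hook and the token value are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User, userHandler and verifyChart are hypothetical stand-ins, not the console's types.
type User struct{ Token string }
type userHandler func(*User, http.ResponseWriter, *http.Request)

func verifyChart(_ *User, w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }

// passThroughUser shows the flaw class: it forwards any token, even none, unchecked.
func passThroughUser(h userHandler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		h(&User{Token: strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")}, w, r)
	}
}

// verifiedUser calls h only if validate (an assumed hook) accepts the bearer token.
func verifiedUser(validate func(string) bool, h userHandler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		authz := r.Header.Get("Authorization")
		tok := strings.TrimPrefix(authz, "Bearer ")
		if !strings.HasPrefix(authz, "Bearer ") || tok == "" || !validate(tok) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		h(&User{Token: tok}, w, r)
	}
}

// statusFor sends one in-memory request ("" means no Authorization header) and returns the status.
func statusFor(h http.Handler, authz string) int {
	req := httptest.NewRequest(http.MethodPost, "/API/helm/verify", nil)
	if authz != "" {
		req.Header.Set("Authorization", authz)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	valid := func(t string) bool { return t == "constructed-token" } // constructed sample credential
	fmt.Println(statusFor(passThroughUser(verifyChart), ""), statusFor(verifiedUser(valid, verifyChart), ""))
}
```

Running the same `statusFor` check against every route that is wrapped in an authentication middleware catches a handler that answers without credentials before it ships.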
Affected Products
- Red Hat OpenShift Container Platform
Affected Vendors
- Red Hat