CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-7079

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.9%

CVSS Severity

CVSS v3 Score 6.5

References

https://access.redhat.com/security/cve/CVE-2024-7079
https://bugzilla.redhat.com/show_bug.cgi?id=2299678
https://access.redhat.com/security/cve/CVE-2024-7079
https://bugzilla.redhat.com/show_bug.cgi?id=2299678

Products affected by CVE-2024-7079

Redhat » Openshift Container Platform » Version: 3.11

cpe:2.3:a:redhat:openshift_container_platform:3.11
Redhat » Openshift Container Platform » Version: 4.0

cpe:2.3:a:redhat:openshift_container_platform:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7079

Products

Pricing

Contact Us