CVE-2024-7079

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.

Published: Jul 24, 2024
Updated: Jul 26, 2024
CVE: CVE-2024-7079
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	3.11	3.11.x
redhat / openshift_container_platform	4.0	4.0.x

https://access.redhat.com/security/cve/CVE-2024-7079
https://bugzilla.redhat.com/show_bug.cgi?id=2299678

Vulnerability Database

289,599

CVE-2024-7079