CVE-2024-7128: Openshift-console: unauthenticated data exposure

Description

A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.

Classification

CVE ID: CVE-2024-7128

Affected Products

Vendor: Red Hat

Product: Red Hat OpenShift Container Platform 3.11

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2024-7128
https://bugzilla.redhat.com/show_bug.cgi?id=2300037

Timeline

2024-12-04 00:11:45 UTC
CVE

Openshift-console: unauthenticated data exposure