History: Sep 06, 2024 - 4:15 p.m.

CVE-2024-8509

2024-09-06 16:15:03
CWE-285
redhat
web.nvd.nist.gov
Tags: vulnerability, authorization bypass, authentication header, bearer token, 401 error, 200 response

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0
Percentile: 16.3%

A vulnerability was found in Forklift Controller. The Authorization header is not verified beyond checking that it uses bearer authentication. A request without an Authorization header and some form of a Bearer token receives a 401 error, while a request in which a token value is present receives a 200 response with the requested information.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Migration Toolkit for Virtualization 2.6",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "migration-toolkit-virtualization/mtv-api-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.6.6-2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:migration_toolkit_virtualization:2.6::el9",
      "cpe:/a:redhat:migration_toolkit_virtualization:2.6::el8"
    ]
  }
]
