RedhatCVELIST:CVE-2024-8509CVE-2024-8509 Migration toolkit for virtualization: forklift-controller: empty bearer token may perform authentication
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
16.3%
A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Virtualization 2.6",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "migration-toolkit-virtualization/mtv-api-rhel9",
"defaultStatus": "affected",
"versions": [
{
"version": "2.6.6-2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_virtualization:2.6::el9",
"cpe:/a:redhat:migration_toolkit_virtualization:2.6::el8"
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
16.3%