NVD:CVE-2024-1342
Feb 16, 2024 - 4:15 p.m.

CVE-2024-1342

2024-02-16 16:15:57
CWE-352
web.nvd.nist.gov
openshift
cross-site request forgery
csrf
websockets

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS: 0.0004 Low
Percentile: 9.2%

A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.
