Lucene search

CVE-2024-5037

🗓️ 05 Jun 2024 18:11:15Reported by [email protected]Type

Flaw in OpenShift Telemeter allows forged token bypass

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 11
Cvelist	CVE-2024-5037 Openshift/telemeter: iss check during jwt authentication can be bypassed	5 Jun 202418:03	–	cvelist
RedhatCVE	CVE-2024-5037	5 Jun 202418:01	–	redhatcve
Vulnrichment	CVE-2024-5037 Openshift/telemeter: iss check during jwt authentication can be bypassed	5 Jun 202418:03	–	vulnrichment
OSV	GO-2024-2905 Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter	28 Jun 202415:28	–	osv
CVE	CVE-2024-5037	5 Jun 202418:15	–	cve
Veracode	Authentication Bypass By Spoofing	10 Jun 202413:40	–	veracode
RedHat Linux	(RHSA-2024:5200) Important: OpenShift Container Platform 4.12.63 bug fix and security update	19 Aug 202403:01	–	redhat
RedHat Linux	(RHSA-2024:4156) Important: OpenShift Container Platform 4.16.1 bug fix and security update	3 Jul 202409:38	–	redhat
RedHat Linux	(RHSA-2024:4151) Important: OpenShift Container Platform 4.15.20 security update	2 Jul 202418:15	–	redhat
RedHat Linux	(RHSA-2024:4329) Important: OpenShift Container Platform 4.14.32 bug fix and security update	11 Jul 202411:48	–	redhat

Nvd

Node

redhat openshift_container_platformMatch4.0

redhat openshift_distributed_tracingMatch2.0

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:4484
access	www.access.redhat.com/errata/RHSA-2024:4156
access	www.access.redhat.com/security/cve/CVE-2024-5037
access	www.access.redhat.com/errata/RHSA-2024:5200
github	www.github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.go
access	www.access.redhat.com/errata/RHSA-2024:4329
access	www.access.redhat.com/errata/RHSA-2024:4151
github	www.github.com/kubernetes/kubernetes/pull/123540
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Jun 2024 18:15Current

7.5High risk

Vulners AI Score7.5

CVSS37.5

EPSS0.0049

CWE-290