Lucene search

Redhat.comRH:CVE-2024-1139

HistoryApr 03, 2024 - 12:05 p.m.

CVE-2024-1139

2024-04-0312:05:22

redhat.com

access.redhat.com

credentials leak vulnerability

cluster monitoring operator

ocp

remote attacker

pod manifest

repository pull secret

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.

References

bugzilla.redhat.com/show_bug.cgi?id=2262158

nvd.nist.gov/vuln/detail/CVE-2024-1139

www.cve.org/CVERecord?id=CVE-2024-1139

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for RH:CVE-2024-1139