redhatcve | Redhat.com | RH:CVE-2024-1342
History: Feb 13, 2024 - 11:09 p.m.

CVE-2024-1342

2024-02-13 23:09:29
redhat.com
access.redhat.com
5
openshift
csrf protection
websockets
flaw
get requests

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score: 7.3 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.2%)

A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.
