4 matches found
GHSA-X5M7-63C6-FX79 Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak
Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in the Go registry. For more information, see the discussion here. This link is maintained to preserve external references. Original Description A credentials leak vulnerability was found in th...
CVE-2024-1139
CVE-2024-1139 affects OpenShift Container Platform’s cluster-monitoring-operator. The root cause is a credentials leak where a repository pull secret can be accessed via pod manifest annotations (notably within the telemeter-client pod in openshift-monitoring). This could allow a user with basic ...
CVE-2024-1139 Cluster-monitoring-operator: credentials leak
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret...
CVE-2024-1139
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret...