Description

A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop leading to a panic when accessing a non-existing field in the ClusterDeployment’s status section, resulting in a denial of service.

INFO

Published Date :

2025-03-19T17:57:14.659Z

Last Modified :

2025-07-23T17:37:05.459Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-25132 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-25132.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-25132 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2260371 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-25132 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact