Description

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.

INFO

Published Date :

2024-07-24T15:51:36.331Z

Last Modified :

2025-11-20T20:56:28.792Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7079 vulnerability.

Vendors Products
Redhat
  • Openshift
  • Openshift Container Platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7079.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-7079 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2299678 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-7079 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-7079 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact