A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0049}

epss

{'score': 0.00191}


Mon, 11 Nov 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_distributed_tracing:3

Mon, 30 Sep 2024 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
cpe:/a:redhat:openshift:4.12::el9
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-27T13:05:11.935Z

Reserved: 2024-05-16T22:03:32.375Z

Link: CVE-2024-5037

cve-icon Vulnrichment

Updated: 2024-08-01T21:03:10.506Z

cve-icon NVD

Status : Modified

Published: 2024-06-05T18:15:11.747

Modified: 2024-11-21T09:46:49.777

Link: CVE-2024-5037

cve-icon Redhat

Severity : Important

Publid Date: 2024-06-05T17:51:00Z

Links: CVE-2024-5037 - Bugzilla

cve-icon OpenCVE Enrichment

No data.