A flaw was found in the OpenShift console. The /API/helm/verify endpoint fetches and verifies the installation of a Helm chart from a URI, which can be a remote HTTP/HTTPS location or a local one. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
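
The flaw class described above, as an added Go illustration that is not the OpenShift console's code: a middleware that reads a bearer token without validating it, next to one that fails closed. All names (`weakAuth`, `strictAuth`, `demoVerify`, `okHandler`, `statusFor`) and the sample token are constructed for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// bearer returns the token from "Authorization: Bearer <token>", or "" if absent.
func bearer(r *http.Request) string {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		return strings.TrimPrefix(h, "Bearer ")
	}
	return ""
}

// weakAuth shows the flaw class: the token is read but never checked (fails open).
func weakAuth(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		_ = bearer(r) // extracted for later use, validity never established
		next(w, r)
	}
}

// strictAuth fails closed. verify is a hypothetical hook for the identity provider.
func strictAuth(verify func(string) bool, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if tok := bearer(r); tok == "" || !verify(tok) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// demoVerify is a constructed stand-in verifier that accepts one sample token.
func demoVerify(tok string) bool { return tok == "constructed-token" }

// statusFor sends one request with the given Authorization header value ("" = none).
func statusFor(h http.Handler, authz string) int {
	req, rec := httptest.NewRequest("GET", "/API/helm/verify", nil), httptest.NewRecorder()
	req.Header.Set("Authorization", authz)
	h.ServeHTTP(rec, req)
	return rec.Code
}

func okHandler(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }

func main() { fmt.Println(statusFor(weakAuth(okHandler), ""), statusFor(strictAuth(demoVerify, okHandler), "")) }
```

A regression test for any auth middleware should assert that a request with no credentials and one with an invalid token both receive 401 before the wrapped handler runs.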

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-07-24T15:51:36.331Z

Updated: 2024-08-20T19:29:00.208Z

Reserved: 2024-07-24T13:29:26.277Z

Link: CVE-2024-7079

Vulnrichment

Updated: 2024-08-01T21:52:30.604Z

NVD

Status: Modified

Published: 2024-07-24T16:15:07.613

Modified: 2024-07-26T10:15:02.840

Link: CVE-2024-7079

Redhat

Severity: Important

Public Date: 2024-07-24T00:00:00Z

Links: CVE-2024-7079 - Bugzilla