A flaw was found in the OpenShift console. The /API/helm/verify endpoint fetches and verifies the installation of a Helm chart from a URI, which may be remote (HTTP/HTTPS) or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-07-24T15:51:36.331Z
Updated: 2024-08-20T19:29:00.208Z
Reserved: 2024-07-24T13:29:26.277Z
Link: CVE-2024-7079
Vulnrichment
Updated: 2024-08-01T21:52:30.604Z
NVD
Status: Modified
Published: 2024-07-24T16:15:07.613
Modified: 2024-07-26T10:15:02.840
Link: CVE-2024-7079