ГлавнаяУязвимости → CVE-2024-5037
7.5высокая

CVE-2024-5037

→ есть в БДУ: BDU:2024-04494 (на русском)
Описание (на английском; русское — в БДУ выше)

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.

Затрагиваемое ПО
Redhat Openshift container platformRedhat Openshift distributed tracing
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://access.redhat.com/errata/RHSA-2024:4151https://access.redhat.com/errata/RHSA-2024:4156https://access.redhat.com/errata/RHSA-2024:4329https://access.redhat.com/errata/RHSA-2024:4484https://access.redhat.com/errata/RHSA-2024:5200https://access.redhat.com/security/cve/CVE-2024-5037https://bugzilla.redhat.com/show_bug.cgi?id=2272339https://github.com/kubernetes/kubernetes/pull/123540