CVE-2024-12698
PUBLISHED
CVSS 6.5 MEDIUM
An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources.
EPSS 0.29% · 52.7th percentile
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.29%
52.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4.18 | 4.18.0-202502052031.p0.gf95a88f.assembly.stream.el9, v4.18.0-202502052031.p0.gf95a88f.assembly.stream.el9 |
| 0, 0 |
Timeline
- Dec 18, 2024 CVE Published
- Dec 18, 2024 PoC Published
- Dec 18, 2024 PoC Published
- Dec 19, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Jan 21, 2025 EPSS Score
- Jan 21, 2025 PoC Published
- Feb 6, 2025 EPSS Score
- Feb 23, 2025 EPSS Score
- Feb 25, 2025 PoC Published
- Feb 25, 2025 CVE Updated
- Mar 9, 2025 Coalition ESS Score
References
- RHSA-2024:6122 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-12698 vdb
- RHBZ#2332674 issue
- https://nvd.nist.gov/vuln/detail/CVE-2024-12698 advisory