VDB
CVE-2024-5037
CVE-2024-5037
PUBLISHED
Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht im Telemeter, der die Verwendung eines gefälschten Tokens während der JSON-Web-Token-Authentifizierung ermöglicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
EPSS 0.34% · 57.2th percentile
Risk Scores
EPSS Score
0.34%
57.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform <4.12.63 | |
| Red Hat | Red Hat Enterprise Linux | |
| Red Hat | Red Hat OpenShift Telemeter 4.17 |
Exploit Intelligence
- RHSA-2024:4151 (circl)
- RHSA-2024:4156 (circl)
- RHSA-2024:4329 (circl)
- RHSA-2024:4484 (circl)
- RHSA-2024:5200 (circl)
- https://access.redhat.com/security/cve/CVE-2024-5037 (circl)
- RHBZ#2272339 (circl)
- https://github.com/kubernetes/kubernetes/pull/123540 (circl)
- https://github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.go#L78 (circl)
Timeline
- Jun 5, 2024 CVE Published
- Jun 6, 2024 EPSS Score
- Jun 29, 2024 EPSS Score
- Jul 22, 2024 EPSS Score
- Aug 15, 2024 EPSS Score
- Sep 30, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 23, 2024 EPSS Score
- Nov 15, 2024 EPSS Score
- Nov 21, 2024 CVE Updated
- Dec 9, 2024 EPSS Score
- Jan 2, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1299.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1299 advisory
- https://github.com/advisories/GHSA-gc8r-pxj9-hhx3 advisory
- https://access.redhat.com/security/cve/CVE-2024-5037 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2272339 advisory
- https://access.redhat.com/errata/RHSA-2024:4151 advisory
- https://access.redhat.com/errata/RHSA-2024:4329 advisory
- https://access.redhat.com/errata/RHSA-2024:4484 advisory
- https://access.redhat.com/errata/RHSA-2024:5200 advisory