VDB
GO-2024-2789
GO-2024-2789
PUBLISHED
Cluster Monitoring Operator contains a credentials leak in github.com/openshift/cluster-monitoring-operator
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | openshift/cluster-monitoring-operator | 0, 0 |
Timeline
- Jun 5, 2024 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
References
- https://github.com/advisories/GHSA-x5m7-63c6-fx79 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-1139 advisory
- https://github.com/openshift/cluster-monitoring-operator/commit/1cfbe9ffafe1e43f8f87a451b72fddf5d76fa4e3 patch
- https://github.com/openshift/cluster-monitoring-operator/pull/1747 patch
- https://access.redhat.com/errata/RHSA-2024:1887 url
- https://access.redhat.com/errata/RHSA-2024:1891 url
- https://access.redhat.com/errata/RHSA-2024:2047 url
- https://access.redhat.com/errata/RHSA-2024:2782 url
- https://access.redhat.com/security/cve/CVE-2024-1139 url
- https://bugzilla.redhat.com/show_bug.cgi?id=2262158 url
- https://github.com/openshift/cluster-monitoring-operator/blob/d45a3335c2bbada0948adef9fcba55c4e14fa1d7/pkg/manifests/manifests.go#L3135 url