Vulnerability Description
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:13336
- https://access.redhat.com/errata/RHSA-2025:4427
- https://access.redhat.com/errata/RHSA-2025:4723
- https://access.redhat.com/security/cve/CVE-2024-7128
- https://bugzilla.redhat.com/show_bug.cgi?id=2300037
- https://access.redhat.com/security/cve/CVE-2024-7128
- https://bugzilla.redhat.com/show_bug.cgi?id=2300037
FAQ
What is CVE-2024-7128?
CVE-2024-7128 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShi...
How severe is CVE-2024-7128?
CVE-2024-7128 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-7128?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.