CVE-2024-7128 MEDIUM

CVE-2024-7128: Openshift-console: unauthenticated data exposure

Vendor Red Hat

Product Red Hat OpenShift Container Platform 3.11

Weakness CWE-200 · Info exposure

Published July 26, 2024

Last update November 20, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.

Key dates

02Disclosure timeline

July 26, 2024 CVE published

November 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-7128 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2024-7128

CWE CWE-200

CVSS 5.3 / MEDIUM

Affected versions