CVE-2024-1139

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1139
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:1887
https://access.redhat.com/errata/RHSA-2024:1891
https://access.redhat.com/errata/RHSA-2024:2047
https://access.redhat.com/errata/RHSA-2024:2782
https://access.redhat.com/security/cve/CVE-2024-1139
https://bugzilla.redhat.com/show_bug.cgi?id=2262158
https://access.redhat.com/errata/RHSA-2024:1887
https://access.redhat.com/errata/RHSA-2024:1891
https://access.redhat.com/errata/RHSA-2024:2047
https://access.redhat.com/errata/RHSA-2024:2782
https://access.redhat.com/security/cve/CVE-2024-1139
https://bugzilla.redhat.com/show_bug.cgi?id=2262158
Configurations

No configuration.

History

21 Nov 2024, 08:49

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2024:1887 - () https://access.redhat.com/errata/RHSA-2024:1887 -
References () https://access.redhat.com/errata/RHSA-2024:1891 - () https://access.redhat.com/errata/RHSA-2024:1891 -
References () https://access.redhat.com/errata/RHSA-2024:2047 - () https://access.redhat.com/errata/RHSA-2024:2047 -
References () https://access.redhat.com/errata/RHSA-2024:2782 - () https://access.redhat.com/errata/RHSA-2024:2782 -
References () https://access.redhat.com/security/cve/CVE-2024-1139 - () https://access.redhat.com/security/cve/CVE-2024-1139 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2262158 - () https://bugzilla.redhat.com/show_bug.cgi?id=2262158 -

16 May 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2782 -

13 May 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1891 -

08 May 2024, 02:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2047 -

26 Apr 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-25 17:15

Updated : 2024-11-21 08:49

NVD link : CVE-2024-1139

Mitre link : CVE-2024-1139

CVE.ORG link : CVE-2024-1139

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor