{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T01:55:59.139","vulnerabilities":[{"cve":{"id":"CVE-2024-7128","sourceIdentifier":"secalert@redhat.com","published":"2024-07-26T14:15:03.573","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider (\"openShiftAuth\") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification."},{"lang":"es","value":" Se encontró un fallo en la consola Openshift. Varios endpoints de la aplicación utilizan las funciones de middleware authHandler() y authHandlerWithUser(). Cuando se establece el proveedor de autenticación predeterminado (\"openShiftAuth\"), estas funciones no realizan ninguna verificación de autenticación, sino que dependen del servicio de destino para manejar la autenticación y la autorización. Este problema conduce a diversos grados de exposición de datos debido a la falta de una verificación de credenciales adecuada."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:13336","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:4427","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:4723","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-7128","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2300037","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-7128","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2300037","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}