Base Score

HIGH7.7

CVE-2024-1139

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateApr 25, 2024, 17:15

Affected Versions(1)

github.com/openshift/cluster-monitoring-operator(Go)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/openshift/cluster-monitoring-operator(Go)	0	N/A	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

7.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

HIGH7.7

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

7.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE