Main Vulnerability Database Vulnerabilities #VU112436

#VU112436 Improper Authentication in Red Hat OpenShift Container Platform - CVE-2024-7128

Published: July 7, 2025

Vulnerability identifier: #VU112436

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-7128

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Red Hat OpenShift Container Platform

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to several endpoints in OpenShift console use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.

Remediation

Install updates from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2025:4427

#VU112436 Improper Authentication in Red Hat OpenShift Container Platform - CVE-2024-7128

Description

Remediation

External links

Please verify you're human