CVE-2024-4369 – An information disclosure flaw was found in OpenShift’s internal image registry operator. …

1 May 2024

Vuln ID: CVE-2024-4369

Published: 2024-05-01 00:15:06.890

Description: An information disclosure flaw was found in OpenShift’s internal image registry operator. AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator’s Azure service account.

Base Score: 6.8 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Source: NVD.NIST.GOV

Date:

1 May 2024

Categorie(s):

NVD

Tag(s):

NVD

Too many ICS assets are exposed to the public internet17 May 2024
New infosec products of the week: May 17, 202417 May 2024
One big problem SOC teams can actually solve with AI17 May 2024
Unpacking XDR: Coverage, stitching, accregation — and the GenAI wildcard17 May 2024
The enterprise browser: The first win-win-win for CISOs, CIOs and end users17 May 2024