PT-2024-38065 · Red Hat · Openshift Console

Michal Findra +1 · Published 2024-07-24 · Updated 2024-09-19 · CVE-2024-7079

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Openshift console (affected versions not specified)

Description

A flaw was found in the Openshift console, specifically in the /API/helm/verify endpoint, which is responsible for fetching and verifying the installation of a Helm chart from a remote HTTP/HTTPS or local URI. The authHandlerWithUser() middleware function is supposed to gate access to this endpoint, but it does not verify the validity of the user's credentials, allowing unauthenticated users to access the endpoint.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-7079

Affected Products

Openshift Console