CVE-2024-5037

Name of the Vulnerable Software and Affected Versions OpenShift Telemeter (affected versions not specified)

Description The issue is related to a flaw in OpenShift's Telemeter that allows an attacker to bypass authentication using a forged token. This can be done by exploiting the "iss" check during JSON web token (JWT) authentication. If certain conditions are met, a remote attacker can use this flaw to gain unauthorized access to protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.