PT-2025-11957 · Red Hat · OpenShift Console
Published 2025-03-19 · Updated 2025-03-28
CVE-2024-7631
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenShift Console (affected versions not specified)
Description
A flaw was found in the OpenShift Console, specifically in an endpoint that lets plugins serve resources in multiple languages, located at "/locales/resources.json". This endpoint uses the lng and ns parameters to construct a file path, and does so unsafely. As a result, an authenticated user can manipulate the path to retrieve any JSON file on the console's pod by using sequences of ../ combined with valid directory paths.
Recommendations
For the affected version, consider restricting access to the "/locales/resources.json" endpoint until a patch is available.
As a temporary workaround, avoid using the lng and ns parameters in the affected API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Path traversal
Related Identifiers
Affected Products
OpenShift Console
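The description above says the lng and ns parameters are turned into a file path without adequate checks. The following Go function shows, from the defender's side, how such a handler can confine both parameters to the locales directory. It is an added example written for this page, not the OpenShift Console's own code; the directory localesRoot, the function safeLocalePath and the identifier pattern it enforces are assumptions. It goes slightly beyond the advisory's ../ case: any path separator, dot sequence or empty value is rejected up front, and the cleaned absolute path is then re-checked against the root as a second, independent layer.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// localesRoot is an assumed directory holding per-language resource files
// (hypothetical layout for this example, not the console's real one).
const localesRoot = "/opt/console/locales"

// segmentRe allows only plain identifiers such as "en", "pt-BR" or "plugin__foo".
// Anything containing "/", "\", "." or whitespace fails this allowlist, so
// "../" sequences never reach the path-building step at all.
var segmentRe = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

var (
	errBadParam    = errors.New("invalid lng or ns parameter")
	errOutsideRoot = errors.New("resolved path escapes locales root")
)

// safeLocalePath resolves lng and ns to "<root>/<lng>/<ns>.json".
// Layer 1: allowlist both parameters. Layer 2 (defence in depth): clean the
// joined path and verify it is still located under localesRoot.
func safeLocalePath(lng, ns string) (string, error) {
	if !segmentRe.MatchString(lng) || !segmentRe.MatchString(ns) {
		return "", errBadParam
	}
	p := filepath.Clean(filepath.Join(localesRoot, lng, ns+".json"))
	rel, err := filepath.Rel(localesRoot, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideRoot
	}
	return p, nil
}

func main() {
	// Constructed sample inputs: one valid pair, two that must be refused.
	cases := [][2]string{
		{"en", "public"},
		{"../../etc", "passwd"},
		{"en", "../plugin"},
	}
	for _, c := range cases {
		p, err := safeLocalePath(c[0], c[1])
		fmt.Printf("lng=%q ns=%q -> path=%q err=%v\n", c[0], c[1], p, err)
	}
}
```

The allowlist alone would stop the traversal the advisory describes; the Rel-based check costs little and protects against a future change to the allowlist (for example, permitting dots in namespace names) silently reopening the hole. A handler using this function should respond with 400 on errBadParam and log errOutsideRoot, since the latter should be unreachable and indicates a regression in the first layer.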