CVE-2024-5037— Openshift/telemeter: iss check during jwt authentication can be bypassed
I. Basic Information for CVE-2024-5037
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Openshift/telemeter: iss check during jwt authentication can be bypassed
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用欺骗进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat OpenShift Telemeter 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat OpenShift Telemeter是美国红帽(Red Hat)公司的一组用于 OpenShift 远程健康监控的组件。 Red Hat OpenShift Telemeter存在安全漏洞,该漏洞源于身份验证可以被绕过。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | - | 4.16 ~ 4.17 | - | |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | v4.12.0-202408071159.p0.gc9592de.assembly.stream.el8 ~ * | cpe:/a:redhat:openshift:4.12::el8 | |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | v4.13.0-202407081338.p0.g0634a6d.assembly.stream.el8 ~ * | cpe:/a:redhat:openshift:4.13::el8 | |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | v4.14.0-202407021509.p0.g1f72681.assembly.stream.el8 ~ * | cpe:/a:redhat:openshift:4.14::el8 | |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | v4.15.0-202406200537.p0.g14489f7.assembly.stream.el9 ~ * | cpe:/a:redhat:openshift:4.15::el8 | |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | v4.16.0-202406200537.p0.gc1ecd10.assembly.stream.el9 ~ * | cpe:/a:redhat:openshift:4.16::el9 | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Red Hat OpenShift distributed tracing 2 | - | cpe:/a:redhat:openshift_distributed_tracing:2 | |
| Red Hat | Red Hat OpenShift distributed tracing 3 | - | cpe:/a:redhat:openshift_distributed_tracing:3 |
II. Public POCs for CVE-2024-5037
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-5037
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-290
- CVE-2021-47923
OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie - CVE-2026-42354
Sentry: Improper authentication on SAML SSO process allows u - CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-39858
Traefik: Forwarded alias spoofing top pre-auth decision bypa - CVE-2018-25317
Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness
V. Comments for CVE-2024-5037
No comments yet