CVE-2024-1139
HIGHOpenShift cluster-monitoring-operator - Exposure of Sensitive Information via Pod Manifest
Title source: llmDescription
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1887
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1891
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2047
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2782
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-1139
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2262158
Scores
CVSS v3
7.7
EPSS
0.0017
EPSS Percentile
37.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (50)
openshift/cluster-monitoring-operator
0Go
Red Hat/Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat/Red Hat OpenShift Container Platform 3.11
Red Hat/Red Hat OpenShift Container Platform 4.12
v4.12.0-202405091536.p0.g8906207.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.13
v4.13.0-202404200313.p0.gb518881.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14
v4.14.0-202404161544.p0.g004ecde.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14
v4.14.0-202404161544.p0.g02471d9.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14
v4.14.0-202404161544.p0.g06e8ce0.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14
v4.14.0-202404161544.p0.g074a22c.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14
v4.14.0-202404161544.p0.g078aee5.assembly.stream.el8
... and 40 more
Published
Apr 25, 2024
Tracked Since
Feb 18, 2026