CVE-2024-31419

MEDIUM

OpenShift Virtualization - Info Disclosure

Title source: llm
STIX 2.1

Description

An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.

References (2)

Core 2
Core References
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-31419
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2272948

Scores

CVSS v3 4.3
EPSS 0.0040
EPSS Percentile 31.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-497
Status published
Products (1)
Red Hat/Red Hat OpenShift Virtualization 4
Published Apr 03, 2024
Tracked Since Feb 18, 2026