Home > Vulnerability Database > CVE-2024-5037

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-5037

Date: June 5, 2024

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.

Severity Score

7.5

Related Resources (11)

Url: https://access.redhat.com/security/cve/CVE-2024-5037

Url: https://access.redhat.com/errata/RHSA-2024:4151

Url: https://access.redhat.com/errata/RHSA-2024:4156

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-5037

Url: https://access.redhat.com/errata/RHSA-2024:4484

Url: https://access.redhat.com/errata/RHSA-2024:5200

Url: https://access.redhat.com/errata/RHSA-2024:4329

Url: https://github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.go#L78

Url: https://github.com/kubernetes/kubernetes/pull/123540

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2272339

Url: https://www.mend.io/vulnerability-database/CVE-2024-5037

Severity Score

7.5

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Do you need more information?

Contact Us