漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Openshift-console: unauthenticated installation of helm charts
Vulnerability Description
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Red Hat OpenShift Container Platform 访问控制错误漏洞
Vulnerability Description
Red Hat OpenShift Container Platform是美国红帽(Red Hat)公司的一套可帮助企业在物理、虚拟和公共云基础架构之间开发、部署和管理现有基于容器的应用程序的应用平台。 Red Hat OpenShift Container Platform 3.11和Red Hat OpenShift Container Platform 4所有版本存在访问控制错误漏洞,该漏洞源于中间件函数不会验证用户凭据的有效性,导致未经身份验证的用户可以访/API/helm/verify端点。
CVSS Information
N/A
Vulnerability Type
N/A