Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-1342

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 6 months, 1 week ago

Openshift: existing cross-site request forgery protection insufficient for websocket creation

A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.

References

https://access.redhat.com/security/cve/CVE-2024-1342 x_refsource_REDHAT vdb-entry
RHBZ#2259960 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-1342 x_refsource_REDHAT vdb-entry
RHBZ#2259960 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-1342 x_refsource_REDHAT vdb-entry
RHBZ#2259960 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-1342 x_refsource_REDHAT vdb-entry
RHBZ#2259960 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-1342 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2259960 issue-tracking x_refsource_REDHAT x_transferred

Affected products

openshift

Matching in nixpkgs

pkgs.openshift

Build, deploy, and manage your applications with Docker and Kubernetes

nixos-unstable -
- nixpkgs-unstable 4.16.0

pkgs.python312Packages.openshift

Python client for the OpenShift API

nixos-unstable -
- nixpkgs-unstable 0.13.2

pkgs.python313Packages.openshift

Python client for the OpenShift API

nixos-unstable -
- nixpkgs-unstable 0.13.2

pkgs.python312Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

nixos-unstable -
- nixpkgs-unstable 2.0.0

pkgs.python313Packages.azure-mgmt-redhatopenshift