CVE-2024-1139: Cluster Monitoring Operator contains a credentials leak
A credentials leak vulnerability was found in the cluster monitoring operator in OpenShift Container Platform (OCP). This issue may allow a remote attacker who has basic login credentials to read the pod manifest and discover a repository pull secret, since the secret material is exposed in the manifest rather than only by reference to a Kubernetes Secret.
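A defender-side check for this class of issue, added here as an example and not code from the cluster-monitoring-operator project: walk a pod manifest and flag any string value that is, or base64-decodes to, a `.dockerconfigjson`-style document (a JSON object with an `auths` map). The pod manifest below is constructed for the example, and the assumption that a leaked pull secret would appear in that form (for instance in an environment variable `value`) is mine; the advisory only states that the pull secret is discoverable from the manifest.

```python
"""Scan a Kubernetes/OpenShift pod manifest for registry pull-secret material
embedded inline instead of referenced through a Secret.

Added example for triaging CVE-2024-1139; not code from the
cluster-monitoring-operator project. Assumes a leaked pull secret takes the
usual .dockerconfigjson shape ({"auths": {...}}) and appears as a plain or
base64-encoded string somewhere in the manifest.
"""
import base64
import binascii
import json
from typing import Any, Iterator, List, Tuple


def _walk(node: Any, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (json-path, string) for every string leaf in a nested structure."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def _looks_like_dockerconfig(text: str) -> bool:
    """True if text is, or base64-decodes to, a JSON object with an 'auths' map."""
    candidates = [text]
    try:
        candidates.append(base64.b64decode(text, validate=True).decode("utf-8"))
    except (binascii.Error, UnicodeDecodeError, ValueError):
        pass  # not valid base64 / not text: keep only the raw string
    for candidate in candidates:
        candidate = candidate.strip()
        if not candidate.startswith("{"):
            continue
        try:
            doc = json.loads(candidate)
        except json.JSONDecodeError:
            continue
        if isinstance(doc, dict) and isinstance(doc.get("auths"), dict):
            return True
    return False


def find_inline_pull_secrets(manifest: dict) -> List[str]:
    """Return JSON paths whose string value carries pull-secret material.

    A reference such as spec.imagePullSecrets[].name or a
    valueFrom.secretKeyRef is not flagged: only the secret content itself is.
    """
    return [path for path, value in _walk(manifest) if _looks_like_dockerconfig(value)]


# Constructed sample manifest: one benign env var, one env var carrying an
# inline base64-encoded pull secret, one proper secretKeyRef reference.
_PULL_SECRET = {"auths": {"registry.example.invalid": {"auth": "dXNlcjpwYXNz"}}}
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "example-pod", "namespace": "openshift-monitoring"},
    "spec": {
        "imagePullSecrets": [{"name": "pull-secret"}],  # reference only: fine
        "containers": [
            {
                "name": "app",
                "image": "registry.example.invalid/app:1",
                "env": [
                    {"name": "LOG_LEVEL", "value": "info"},
                    {
                        "name": "REGISTRY_AUTH",
                        "value": base64.b64encode(
                            json.dumps(_PULL_SECRET).encode()
                        ).decode(),
                    },
                    {
                        "name": "DB_PASS",
                        "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}},
                    },
                ],
            }
        ],
    },
}


if __name__ == "__main__":
    # Run against a live cluster with the output of `oc get pod <name> -o json`.
    for hit in find_inline_pull_secrets(SAMPLE_POD):
        print(f"pull-secret material exposed at {hit}")
```

On a real cluster, feed the JSON of each pod in the affected namespace to `find_inline_pull_secrets`; any hit means a user who can only `get` pods in that namespace can recover registry credentials, so the secret should be rotated and the manifest changed to reference a Secret instead.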
References
- access.redhat.com/security/cve/CVE-2024-1139
- bugzilla.redhat.com/show_bug.cgi?id=2262158
- github.com/advisories/GHSA-x5m7-63c6-fx79
- github.com/openshift/cluster-monitoring-operator
- github.com/openshift/cluster-monitoring-operator/blob/d45a3335c2bbada0948adef9fcba55c4e14fa1d7/pkg/manifests/manifests.go
- github.com/openshift/cluster-monitoring-operator/commit/1cfbe9ffafe1e43f8f87a451b72fddf5d76fa4e3
- github.com/openshift/cluster-monitoring-operator/pull/1747
- nvd.nist.gov/vuln/detail/CVE-2024-1139