CVE-2024-7128

5.3 MEDIUM

📋 TL;DR

CVE-2024-7128 is an authentication bypass vulnerability in OpenShift console where endpoints using authHandler() and authHandlerWithUser() middleware fail to perform authentication checks when the default 'openShiftAuth' provider is configured. This allows unauthorized access to sensitive data without proper credential verification. Organizations using OpenShift with the default authentication configuration are affected.

💻 Affected Systems

Products:
  • Red Hat OpenShift Container Platform
Versions: Multiple versions as specified in Red Hat advisories
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when using the default 'openShiftAuth' authentication provider configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of sensitive cluster data including secrets, configurations, and user information through unauthorized API access.

🟠 Likely Case

Unauthorized data exposure of varying sensitivity levels depending on which endpoints are accessed, potentially including cluster metadata and configuration details.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized users from reaching the console endpoints.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the OpenShift console endpoints but no authentication credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Red Hat advisories RHSA-2025:13336, RHSA-2025:4427, RHSA-2025:4723 for specific fixed versions

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-7128

Restart Required: Yes

Instructions:

1. Update OpenShift to the patched versions specified in the Red Hat advisories.
2. Apply security updates through your cluster management interface.
3. Restart the affected console components.

🔧 Temporary Workarounds

Change Authentication Provider

Configure a different authentication provider instead of the default 'openShiftAuth'

# Modify OpenShift authentication configuration
# Edit authentication configuration to use OAuth, LDAP, or other providers
# Refer to OpenShift documentation for specific configuration steps

Network Access Controls

Restrict network access to OpenShift console endpoints

# Example firewall rules to restrict console access.
# trusted_networks is a placeholder: replace it with your allowed source CIDR(s).
# The ACCEPT rule must precede the DROP rule, and the rules must be applied on
# the host where console traffic actually terminates.
iptables -A INPUT -p tcp --dport 443 -s trusted_networks -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OpenShift console from untrusted networks
  • Enable comprehensive logging and monitoring for unauthorized access attempts to console endpoints

🔍 How to Verify

Check if Vulnerable:

Check whether the OpenShift console is using the default 'openShiftAuth' provider and review the authentication middleware configuration

Check Version:

oc version

Verify Fix Applied:

Verify that the OpenShift version matches the patched versions in the Red Hat advisories, then confirm that previously vulnerable endpoints now require authentication

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to console endpoints
  • Authentication bypass patterns in console logs
  • Unusual data access patterns from unauthenticated sources

Network Indicators:

  • Unusual traffic patterns to console API endpoints without authentication headers
  • Data exfiltration from console endpoints

SIEM Query:

source="openshift-console" AND (status_code=200 OR status_code=201) AND (user="-" OR user="anonymous")
