CVE-2024-5037

Published June 5th, 2024

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.

kubernetes/kubernetes

Production-Grade Container Scheduling and Management

GitHub

123K

openshift/telemeter

Prometheus push federation

GitHub

106