CVE-2024-1139 – github.com/openshift/cluster-monitoring-operator

Package

Manager: go
Name: github.com/openshift/cluster-monitoring-operator
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: 0.00151 pctl0.3638

Details

Withdrawn Advisory: Cluster Monitoring Operator contains a credentials leak # Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in the Go registry. For more information, see the discussion [here](https://github.com/github/advisory-database/pull/5467#issuecomment-2812187822). This link is maintained to preserve external references. # Original Description A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.

Metadata

Created: 2024-04-25T18:30:39Z
Modified: 2025-04-17T14:30:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-x5m7-63c6-fx79/GHSA-x5m7-63c6-fx79.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-x5m7-63c6-fx79
Finding: F038
Auto approve: 1