CVE-2024-7631

low-risk

Published 2025-03-19

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

References (3)

https://access.redhat.com/security/cve/CVE-2024-7631

https://bugzilla.redhat.com/show_bug.cgi?id=2296053

https://github.com/advisories/GHSA-69x5-hjg4-m267

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal