CVE-2024-50311

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50311
A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2024-50311 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2319379 Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
History

30 Oct 2024, 18:39

Type Values Removed Values Added
First Time Redhat openshift Container Platform
Redhat
CPE cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2024-50311 - () https://access.redhat.com/security/cve/CVE-2024-50311 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2319379 - () https://bugzilla.redhat.com/show_bug.cgi?id=2319379 - Issue Tracking
CWE CWE-770

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad de denegación de servicio (DoS) en OpenShift. Este fallo permite a los atacantes explotar la funcionalidad de procesamiento por lotes de GraphQL. La vulnerabilidad surge cuando se pueden enviar múltiples consultas dentro de una sola solicitud, lo que permite a un atacante enviar una solicitud que contiene miles de alias en una sola consulta. Este problema provoca un consumo excesivo de recursos, lo que lleva a que la aplicación no esté disponible para los usuarios legítimos.

22 Oct 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-22 14:15

Updated : 2024-10-30 18:39

NVD link : CVE-2024-50311

Mitre link : CVE-2024-50311

CVE.ORG link : CVE-2024-50311

JSON object : View

Products Affected

redhat

  • openshift_container_platform
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-400

Uncontrolled Resource Consumption


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024