High severity 7.7 · GHSA Advisory · Published Apr 25, 2024 · Updated Jun 17, 2026
CVE-2024-1139
Description
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/openshift/cluster-monitoring-operator (Go) | <= 0.1.1 | — |
Affected products
- Range: <= 0.1.1
References
- github.com/advisories/GHSA-x5m7-63c6-fx79 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-1139 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2024:1887 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1891 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:2047 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:2782 (nvd, WEB)
- access.redhat.com/security/cve/CVE-2024-1139 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/openshift/cluster-monitoring-operator/blob/d45a3335c2bbada0948adef9fcba55c4e14fa1d7/pkg/manifests/manifests.go (ghsa, WEB)
- github.com/openshift/cluster-monitoring-operator/commit/1cfbe9ffafe1e43f8f87a451b72fddf5d76fa4e3 (ghsa, WEB)
- github.com/openshift/cluster-monitoring-operator/pull/1747 (ghsa, WEB)