Medium severity4.3GHSA Advisory· Published Mar 19, 2025· Updated Apr 15, 2026
CVE-2024-25132
CVE-2024-25132
Description
A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop leading to a panic when accessing a non-existing field in the ClusterDeployment’s status section, resulting in a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/openshift/hiveGo | <= 1.1.16 | — |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/openshift/hivepkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
<= 1.1.16+ 1 more
- (no CPE)range: <= 1.1.16
- (no CPE)range: < 0.0.20250327T184518-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.