High severity7.5NVD Advisory· Published Jun 5, 2024· Updated Jun 17, 2026
CVE-2024-5037
CVE-2024-5037
Description
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
9- github.com/kubernetes/kubernetes/pull/123540nvdPatchThird Party Advisory
- access.redhat.com/security/cve/CVE-2024-5037nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
- github.com/openshift/telemeter/blob/a9417a6062c3a31ed78c06ea3a0613a52f2029b2/pkg/authorize/jwt/client_authorizer.gonvdProduct
- access.redhat.com/errata/RHSA-2024:4151nvd
- access.redhat.com/errata/RHSA-2024:4156nvd
- access.redhat.com/errata/RHSA-2024:4329nvd
- access.redhat.com/errata/RHSA-2024:4484nvd
- access.redhat.com/errata/RHSA-2024:5200nvd
News mentions
0No linked articles in our index yet.