Medium severity4.3GHSA Advisory· Published Mar 19, 2025· Updated Jun 17, 2026
CVE-2024-7631
CVE-2024-7631
Description
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/openshift/consoleGo | <= 6.0.6 | — |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/openshift/consolepkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
<= 6.0.6+ 1 more
- (no CPE)range: <= 6.0.6
- (no CPE)range: < 0.0.20250327T184518-1.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.