| id: GO-2024-2789 |
| modules: |
| - module: github.com/openshift/cluster-monitoring-operator |
| unsupported_versions: |
| - last_affected: 0.1.1 |
| vulnerable_at: 3.11.0+incompatible |
| summary: Cluster Monitoring Operator contains a credentials leak in github.com/openshift/cluster-monitoring-operator |
| cves: |
| - CVE-2024-1139 |
| ghsas: |
| - GHSA-x5m7-63c6-fx79 |
| references: |
| - advisory: https://github.com/advisories/GHSA-x5m7-63c6-fx79 |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1139 |
| - fix: https://github.com/openshift/cluster-monitoring-operator/commit/1cfbe9ffafe1e43f8f87a451b72fddf5d76fa4e3 |
| - fix: https://github.com/openshift/cluster-monitoring-operator/pull/1747 |
| - web: https://access.redhat.com/errata/RHSA-2024:1887 |
| - web: https://access.redhat.com/errata/RHSA-2024:1891 |
| - web: https://access.redhat.com/errata/RHSA-2024:2047 |
| - web: https://access.redhat.com/errata/RHSA-2024:2782 |
| - web: https://access.redhat.com/security/cve/CVE-2024-1139 |
| - web: https://bugzilla.redhat.com/show_bug.cgi?id=2262158 |
| - web: https://github.com/openshift/cluster-monitoring-operator/blob/d45a3335c2bbada0948adef9fcba55c4e14fa1d7/pkg/manifests/manifests.go#L3135 |
| source: |
| id: GHSA-x5m7-63c6-fx79 |
| created: 2024-06-04T15:27:27.603431-04:00 |
| review_status: UNREVIEWED |
