CVE-2024-50311

Published: Oct 22, 2024Modified: Feb 25, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD (Secondary)

Description

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.

Affected (1)

Products: Redhat: Openshift Container Platform

1 product

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.0

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (3)

https://access.redhat.com/errata/RHSA-2024:6122

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-50311

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2319379

Source: secalert@redhat.com

Issue Tracking

Timeline

No history available yet.