CVE Vulnerabilities

CVE-2024-45336

Published: Jan 28, 2025 | Modified: Feb 21, 2025

CVSS 3.x (Source: NVD): N/A
RedHat/V3: 5.9 MODERATE (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Ubuntu: MEDIUM

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
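A client-side guard against the restore behaviour described above, as an added example (not code from the Go project or from this advisory): a `CheckRedirect` policy for Go's `net/http` client that looks at the whole redirect chain rather than only the latest hop. The names `stickyStrip` and `finalAuth`, the exact-host comparison, the header list and the sample URLs and token are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// stickyStrip is a CheckRedirect policy: once any hop has left the first
// request's host (exact match, an assumption), credentials stay removed.
func stickyStrip(req *http.Request, via []*http.Request) error {
	if len(via) >= 10 {
		return fmt.Errorf("stopped after 10 redirects")
	}
	origin := via[0].URL.Hostname()
	left := !strings.EqualFold(req.URL.Hostname(), origin)
	for _, hop := range via[1:] {
		left = left || !strings.EqualFold(hop.URL.Hostname(), origin)
	}
	if left {
		for _, h := range []string{"Authorization", "Cookie", "Proxy-Authorization"} {
			req.Header.Del(h)
		}
	}
	return nil
}

// finalAuth replays a chain offline; each hop starts with the header restored.
func finalAuth(chain []string, token string) (string, error) {
	last, via := "", []*http.Request(nil)
	for _, raw := range chain {
		req, err := http.NewRequest(http.MethodGet, raw, nil)
		if err != nil {
			return "", err
		}
		req.Header.Set("Authorization", token)
		if len(via) > 0 {
			if err := stickyStrip(req, via); err != nil {
				return "", err
			}
		}
		via = append(via, req)
		last = req.Header.Get("Authorization")
	}
	return last, nil
}

func main() {
	fmt.Println(finalAuth([]string{"https://a.com/", "https://b.com/1", "https://b.com/2"}, "Bearer constructed"))
}
```

In a real client the policy is installed with `http.Client{CheckRedirect: stickyStrip}`; it complements, and does not replace, updating to a fixed Go build.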

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-prometheus-rhel9:v2.11.7-7 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/kube-rbac-proxy-rhel9:v2.11.7-7 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/kube-state-metrics-rhel9:v2.11.7-7 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/memcached-exporter-rhel9:v2.11.7-7 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/node-exporter-rhel9:v2.11.7-7 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/observatorium-rhel9:v2.11.7-10 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/observatorium-rhel9-operator:v2.11.7-13 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/prometheus-alertmanager-rhel9:v2.11.7-7 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/prometheus-rhel9:v2.11.7-8 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/submariner-addon-rhel9:v2.11.7-16 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/thanos-receive-controller-rhel9:v2.11.7-7 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/thanos-rhel9:v2.11.7-9 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/lighthouse-agent-rhel9:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/lighthouse-coredns-rhel9:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/nettest-rhel9:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/subctl-rhel9:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/submariner-gateway-rhel9:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/submariner-globalnet-rhel9:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/submariner-operator-bundle:v0.18.5-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/submariner-rhel9-operator:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/submariner-route-agent-rhel9:v0.18.5-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/lighthouse-agent-rhel9:v0.19.3-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/nettest-rhel9:v0.19.3-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/subctl-rhel9:v0.19.3-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/submariner-gateway-rhel9:v0.19.3-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/submariner-rhel9-operator:v0.19.3-3 | * |
| Red Hat Ceph Storage 7.1 | RedHat | rhceph/grafana-rhel9:10.4.16-1 | * |
| Red Hat Ceph Storage 7.1 | RedHat | rhceph/keepalived-rhel9:2.2.8-50 | * |
| Red Hat Ceph Storage 7.1 | RedHat | rhceph/rhceph-7-rhel9:7-522 | * |
| Red Hat Ceph Storage 7.1 | RedHat | rhceph/rhceph-haproxy-rhel9:2.4.22-52 | * |
| Red Hat Ceph Storage 7.1 | RedHat | rhceph/rhceph-promtail-rhel9:v3.0.0-21 | * |
| Red Hat Ceph Storage 7.1 | RedHat | rhceph/snmp-notifier-rhel9:1.2.1-100 | * |
| Red Hat Enterprise Linux 10 | RedHat | delve-0:1.24.1-1.el10_0 | * |
| Red Hat Enterprise Linux 10 | RedHat | golang-0:1.23.7-1.el10_0 | * |
| Red Hat Enterprise Linux 8 | RedHat | go-toolset:rhel8-8100020250321121115.a3795dee | * |
| Red Hat Enterprise Linux 9 | RedHat | opentelemetry-collector-0:0.107.0-8.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | delve-0:1.24.1-2.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | golang-0:1.23.6-2.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | rhc-1:0.2.6-3.el9_6 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | opentelemetry-collector-0:0.107.0-7.el9_4 | * |
| Red Hat OpenShift Service Mesh 2.5 for RHEL 8 | RedHat | openshift-service-mesh/kiali-rhel8:1.73.20-2 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/cluster-logging-operator-bundle:v6.1.4-10 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/cluster-logging-rhel9-operator:v6.1.4-5 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/eventrouter-rhel9:v0.4.0-356 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-337 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/logging-loki-rhel9:v3.4.2-6 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/loki-operator-bundle:v6.1.4-13 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/loki-rhel9-operator:v6.1.4-7 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/lokistack-gateway-rhel9:v0.1.0-752 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/opa-openshift-rhel9:v0.1.0-369 | * |
| RHOL-6.1-RHEL-9 | RedHat | openshift-logging/vector-rhel9:v0.37.1-34 | * |
| Satellite Client 6 for RHEL 8 | RedHat | yggdrasil-0:0.2.3-3.el8sat | * |
| Satellite Client 6 for RHEL 9 | RedHat | yggdrasil-0:0.2.3-3.el9sat | * |
| Red Hat OpenShift distributed tracing 3.5.1 | RedHat | registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:adb1f41e544331b0936c6591edb00c169a9e5a2592c12f6ee55aaab8786ff5ba | * |
| Golang | Ubuntu | trusty | * |
| Golang-1.10 | Ubuntu | bionic | * |
| Golang-1.10 | Ubuntu | trusty | * |
| Golang-1.10 | Ubuntu | trusty/esm | * |
| Golang-1.10 | Ubuntu | xenial | * |
| Golang-1.13 | Ubuntu | bionic | * |
| Golang-1.13 | Ubuntu | xenial | * |
| Golang-1.16 | Ubuntu | bionic | * |
| Golang-1.18 | Ubuntu | bionic | * |
| Golang-1.22 | Ubuntu | upstream | * |
| Golang-1.23 | Ubuntu | upstream | * |
| Golang-1.6 | Ubuntu | trusty | * |
| Golang-1.6 | Ubuntu | xenial | * |
| Golang-1.8 | Ubuntu | bionic | * |
| Golang-1.9 | Ubuntu | bionic | * |
