
OpenShift Console insufficient entropy vulnerability

High severity GitHub Reviewed Published Aug 21, 2024 to the GitHub Advisory Database • Updated Aug 21, 2024

Package

gomod github.com/openshift/console (Go)

Affected versions

<= 6.0.6

Patched versions

None

Description

An insufficient entropy vulnerability was found in the OpenShift Console. In the OAuth2 authorization code and implicit grant flows, the protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack when the state parameter is missing, predictable, or not verified on the callback, because the client can no longer tell whether the authorization response it receives belongs to the request it started. This flaw allows an attacker's third-party account to be logged into the victim's current application session without any restriction.
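The defence the description implies is a per-session state value drawn from a cryptographic RNG, bound to the browser before redirecting to the provider, and checked in constant time on the callback. The following is an added example written for this page, not code from the OpenShift Console; the cookie name, handler names, provider URL and client ID are assumptions. It shows a predictable state next to a properly generated one, and a callback handler that rejects a response whose state is absent or does not match the one bound to the session.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	mrand "math/rand"
	"net/http"
	"net/url"
	"time"
)

// stateCookie is a hypothetical cookie used to bind the state to the browser session.
const stateCookie = "oauth_state"

var (
	ErrMissingState  = errors.New("oauth2: missing state on callback")
	ErrStateMismatch = errors.New("oauth2: state does not match session")
)

// WeakState shows the insufficient-entropy pattern for contrast: a PRNG seeded
// from a guessable value (e.g. the clock) yields values an attacker can
// reproduce, so the state no longer proves the callback belongs to this session.
// Never use this for OAuth2 state.
func WeakState(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	return fmt.Sprintf("%016x%016x", r.Uint64(), r.Uint64())
}

// NewState returns 32 bytes (256 bits) from crypto/rand, base64url-encoded.
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// VerifyState compares the state bound to the session with the one returned
// by the provider. Missing values are rejected outright; the comparison is
// constant-time so the check leaks nothing about the expected value.
func VerifyState(expected, got string) error {
	if expected == "" || got == "" {
		return ErrMissingState
	}
	if subtle.ConstantTimeCompare([]byte(expected), []byte(got)) != 1 {
		return ErrStateMismatch
	}
	return nil
}

// BeginLogin binds a fresh state to the browser via a short-lived cookie and
// returns the authorization URL carrying the same state.
func BeginLogin(w http.ResponseWriter, authorizeURL, clientID, redirectURI string) (string, error) {
	state, err := NewState()
	if err != nil {
		return "", err
	}
	http.SetCookie(w, &http.Cookie{
		Name: stateCookie, Value: state, Path: "/", MaxAge: 300,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	})
	u, err := url.Parse(authorizeURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// HandleCallback returns the authorization code only if the callback carries
// the state bound to this browser; otherwise the response is treated as forged.
func HandleCallback(r *http.Request) (string, error) {
	c, err := r.Cookie(stateCookie)
	if err != nil {
		return "", ErrMissingState
	}
	if err := VerifyState(c.Value, r.URL.Query().Get("state")); err != nil {
		return "", err
	}
	return r.URL.Query().Get("code"), nil
}

func main() {
	now := time.Now().Unix()
	fmt.Println("predictable:", WeakState(now) == WeakState(now)) // same seed, same state
	s, _ := NewState()
	fmt.Println("len:", len(s), "verify ok:", VerifyState(s, s) == nil,
		"forged:", VerifyState(s, "guess") == ErrStateMismatch)
}
```

The cookie must be HttpOnly and scoped to the callback path (or the whole app, as here) so the attacker cannot read or set it; with that binding in place, an authorization response the attacker crafted for their own account fails the state check and is never exchanged for a token on the victim's session.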

References

Published by the National Vulnerability Database Aug 21, 2024
Published to the GitHub Advisory Database Aug 21, 2024
Reviewed Aug 21, 2024
Last updated Aug 21, 2024

Severity

High

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2024-6508

GHSA ID

GHSA-4crf-28c7-v4gr

Source code
