Описание
Openshift Console insufficient entropy vulnerability
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-6508
- https://access.redhat.com/errata/RHSA-2024:10813
- https://access.redhat.com/errata/RHSA-2024:7922
- https://access.redhat.com/errata/RHSA-2024:8415
- https://access.redhat.com/errata/RHSA-2024:8991
- https://access.redhat.com/errata/RHSA-2024:9620
- https://access.redhat.com/errata/RHSA-2025:0014
- https://access.redhat.com/security/cve/CVE-2024-6508
- https://bugzilla.redhat.com/show_bug.cgi?id=2295777
Пакеты
github.com/openshift/console
<= 6.0.6
Отсутствует
Связанные уязвимости
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.