CVE-2024-6508
- EPSS 0.99%
- Published 21.08.2024 06:15:08
- Last modified 15.04.2026 00:35:42
- Source secalert@redhat.com
Openshift-console: oauth2 insufficient state parameter entropy
An insufficient-entropy vulnerability was found in the OpenShift Console. In the OAuth2 authorization code and implicit grant flows, the protocol is open to Cross-Site Request Forgery (CSRF) when the state parameter is predictable or otherwise not used correctly. This flaw allows an attacker to complete the login in the victim's current application session with a third-party (attacker-controlled) account, without any restriction.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
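As an added illustration of the login CSRF the description above refers to (example code written for this page, not the OpenShift Console's own implementation): a minimal OAuth2 relying party in Go with two state generators. `WeakState` derives the state from a coarse timestamp, the kind of low-entropy source CWE-331 covers, so an attacker who knows roughly when the victim started the flow can reproduce it; `StrongState` draws 256 bits from `crypto/rand`. `HandleCallback` is the check that decides the outcome: it requires the state, compares it in constant time against the one bound to the session, and consumes it so it cannot be replayed. `RunLoginCSRF` simulates the attack: the attacker obtains an authorization code for their own account, forges the redirect with a guessed state, and lures the victim's browser onto it. The endpoint URLs, client ID, session IDs and the fixed clock value are assumptions constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

var (
	ErrNoPendingFlow = errors.New("no pending authorization for this session")
	ErrMissingState  = errors.New("callback is missing the state parameter")
	ErrStateMismatch = errors.New("state does not match the value issued to this session")
)

// StateFunc produces the OAuth2 state value for a new authorization request.
type StateFunc func() (string, error)

// WeakState is the CWE-331 pattern (hypothetical, not the console's code): the
// state is a coarse timestamp, reproducible by anyone who knows when the flow began.
func WeakState(clock func() time.Time) StateFunc {
	return func() (string, error) { return strconv.FormatInt(clock().Unix(), 10), nil }
}

// StrongState draws 32 bytes (256 bits) from crypto/rand: an unguessable state.
func StrongState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// Client is a minimal OAuth2 relying party; pending maps a browser session
// (what the session cookie identifies) to the single state it is waiting for.
type Client struct {
	authEndpoint, clientID, redirectURI string // assumed values, set in NewClient
	newState                            StateFunc
	pending                             map[string]string
}

func NewClient(newState StateFunc) *Client {
	return &Client{authEndpoint: "https://idp.example/oauth/authorize", clientID: "console",
		redirectURI: "https://console.example/auth/callback", newState: newState, pending: map[string]string{}}
}

// BeginLogin mints a state, binds it to the session and returns the
// authorization request URL the browser is sent to.
func (c *Client) BeginLogin(sessionID string) (string, error) {
	state, err := c.newState()
	if err != nil {
		return "", err
	}
	c.pending[sessionID] = state
	q := url.Values{"response_type": {"code"}, "client_id": {c.clientID},
		"redirect_uri": {c.redirectURI}, "state": {state}}
	return c.authEndpoint + "?" + q.Encode(), nil
}

// HandleCallback is the check that defeats login CSRF: the state on the
// redirect must equal the one issued to this session. The stored state is
// single-use (consumed even on failure) and compared in constant time.
func (c *Client) HandleCallback(sessionID, callbackURL string) (string, error) {
	expected, ok := c.pending[sessionID]
	if !ok {
		return "", ErrNoPendingFlow
	}
	delete(c.pending, sessionID)
	u, err := url.Parse(callbackURL)
	if err != nil {
		return "", err
	}
	got := u.Query().Get("state")
	if got == "" {
		return "", ErrMissingState
	}
	if subtle.ConstantTimeCompare([]byte(got), []byte(expected)) != 1 {
		return "", ErrStateMismatch
	}
	return u.Query().Get("code"), nil
}

// RunLoginCSRF simulates the attack: while the victim has a login in flight, its
// browser is lured onto a redirect carrying the attacker's own authorization code
// and a guessed state. Returns whether that code was accepted into the session.
func RunLoginCSRF(newState StateFunc, guessedState string) (bool, error) {
	c := NewClient(newState)
	if _, err := c.BeginLogin("victim-session"); err != nil {
		return false, err
	}
	forged := c.redirectURI + "?" + url.Values{"code": {"attacker-code"}, "state": {guessedState}}.Encode()
	code, err := c.HandleCallback("victim-session", forged)
	return err == nil && code == "attacker-code", err
}

func main() {
	clock := func() time.Time { return time.Unix(1724220908, 0) } // constructed fixed clock
	guess := strconv.FormatInt(clock().Unix(), 10)                  // the attacker's timestamp guess
	weak, _ := RunLoginCSRF(WeakState(clock), guess)
	strong, err := RunLoginCSRF(StrongState, guess)
	fmt.Println("weak state accepted forged login:", weak)
	fmt.Println("strong state accepted forged login:", strong, "error:", err)
}
```

The binding between state and session is what makes the check meaningful: a random state that is not tied to the browser that started the flow can simply be harvested by the attacker from their own login attempt and reused, so the comparison must be against the value stored for the victim's session, not merely against "any state we have issued".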
Affected products (as provided by the CNA)

Collection URL: https://github.com/openshift/console
Package: openshift-console, vendor Red Hat, default status: affected

| Product | Vendor | Default status | Unaffected from version (this build and later, up to *) |
|---|---|---|---|
| Red Hat OpenShift Container Platform 4.12 | Red Hat | affected | v4.12.0-202412201659.p0.g8910d84.assembly.stream.el8 |
| Red Hat OpenShift Container Platform 4.13 | Red Hat | affected | v4.13.0-202411300029.p0.g68accd9.assembly.stream.el8 |
| Red Hat OpenShift Container Platform 4.14 | Red Hat | affected | v4.14.0-202411131205.p0.g839a801.assembly.stream.el8 |
| Red Hat OpenShift Container Platform 4.15 | Red Hat | affected | v4.15.0-202411060036.p0.gd8360d4.assembly.stream.el8 |
| Red Hat OpenShift Container Platform 4.16 | Red Hat | affected | v4.16.0-202410231737.p0.gf0870c3.assembly.stream.el9 |
| Red Hat OpenShift Container Platform 4.17 | Red Hat | affected | v4.17.0-202410091535.p0.ge61f187.assembly.stream.el9 |
VulnDex Vulnerability Enrichment

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.768 |

| Source | Base Score | Exploitability Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 8.0 | 1.3 | 6.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
CWE-331 Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.