CVE-2024-6508

EPSS 0.51%
Published 21.08.2024 06:15:08
Last modified 09.01.2025 09:15:07
Source secalert@redhat.com
Teams watchlist Login
Open Login

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/openshift/console

≫

Package openshift-console

Default Statusaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.12

Default Statusaffected

Version < *

Version v4.12.0-202412201659.p0.g8910d84.assembly.stream.el8

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.13

Default Statusaffected

Version < *

Version v4.13.0-202411300029.p0.g68accd9.assembly.stream.el8

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.14

Default Statusaffected

Version < *

Version v4.14.0-202411131205.p0.g839a801.assembly.stream.el8

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.15

Default Statusaffected

Version < *

Version v4.15.0-202411060036.p0.gd8360d4.assembly.stream.el8

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.16

Default Statusaffected

Version < *

Version v4.16.0-202410231737.p0.gf0870c3.assembly.stream.el9

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4.17

Default Statusaffected

Version < *

Version v4.17.0-202410091535.p0.ge61f187.assembly.stream.el9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.653

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	8	1.3	6	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

https://access.redhat.com/errata/RHSA-2024:7922

https://access.redhat.com/errata/RHSA-2024:10813

https://access.redhat.com/errata/RHSA-2024:8991

https://access.redhat.com/errata/RHSA-2024:9620

https://access.redhat.com/errata/RHSA-2024:8415

https://access.redhat.com/errata/RHSA-2025:0014

https://access.redhat.com/security/cve/CVE-2024-6508

https://bugzilla.redhat.com/show_bug.cgi?id=2295777

https://nvd.nist.gov/vuln/detail/CVE-2024-6508

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6508

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6508

EUVD