
CVE-2024-6508

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
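The weakness described above is an OAuth2 `state` value that an attacker can predict, which lets a forged callback complete a login the victim never started. The Go program below is an added illustration of the mitigation and is not code from the OpenShift console: it mints the state from `crypto/rand`, binds it to the browser in an HttpOnly cookie, and rejects any callback whose `state` is missing or does not match in a constant-time comparison. The authorization endpoint, client ID, redirect URI, cookie name and paths are placeholders chosen for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"log"
	"net/http"
	"net/url"
)

// stateBytes is the randomness drawn per login attempt: 32 bytes (256 bits)
// from crypto/rand. CWE-331 is exactly a state whose values are guessable.
const stateBytes = 32

// stateCookie is a hypothetical cookie name chosen for this example.
const stateCookie = "oauth_state"

// Hypothetical authorization-server and client settings (placeholders).
var (
	authorizeURL = "https://idp.example/oauth/authorize"
	clientID     = "example-console"
	redirectURI  = "https://console.example/auth/callback"
)

// newState returns a fresh, cryptographically random state encoded as
// unpadded URL-safe base64 (43 characters for 32 bytes).
func newState() (string, error) {
	buf := make([]byte, stateBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("reading random state: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// stateMatches reports whether the state echoed by the authorization server
// equals the one bound to this browser. Empty values never match, so a
// callback without a state cannot pass; the compare is constant-time.
func stateMatches(bound, returned string) bool {
	if bound == "" || returned == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(bound), []byte(returned)) == 1
}

// loginHandler starts the authorization-code flow: mint a state, bind it to
// the browser in an HttpOnly cookie, and carry it in the redirect.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	state, err := newState()
	if err != nil {
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}
	http.SetCookie(w, &http.Cookie{
		Name: stateCookie, Value: state, Path: "/auth", MaxAge: 600,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	})
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("state", state)
	http.Redirect(w, r, authorizeURL+"?"+q.Encode(), http.StatusFound)
}

// callbackStatus decides how the redirect back from the authorization server
// is handled: 403 when the cookie is absent or the state does not match,
// 200 when it does. Factored out of the handler so it can be tested.
func callbackStatus(r *http.Request) int {
	c, err := r.Cookie(stateCookie)
	if err != nil {
		return http.StatusForbidden
	}
	if !stateMatches(c.Value, r.URL.Query().Get("state")) {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// callbackHandler consumes the single-use state cookie and only on a match
// proceeds to the code exchange (the exchange itself is omitted here).
func callbackHandler(w http.ResponseWriter, r *http.Request) {
	status := callbackStatus(r)
	// Clear the cookie whatever the outcome so a state cannot be replayed.
	http.SetCookie(w, &http.Cookie{Name: stateCookie, Path: "/auth", MaxAge: -1, HttpOnly: true, Secure: true})
	if status != http.StatusOK {
		http.Error(w, "state mismatch: possible CSRF, login aborted", status)
		return
	}
	fmt.Fprintln(w, "state verified; exchanging authorization code")
}

func main() {
	http.HandleFunc("/auth/login", loginHandler)
	http.HandleFunc("/auth/callback", callbackHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

Two design points matter for the CSRF case. The state is bound to the browser that began the flow (the cookie), not merely checked for well-formedness, so a callback crafted around a third-party account only succeeds if the attacker already holds that browser's cookie. And the cookie is cleared on every callback, so each state is accepted at most once.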

Linked by AI from unstructured data to existing NVD CPEs.
Data provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Collection URL: https://github.com/openshift/console
Package: openshift-console
Default status: affected

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4.12
Default status: affected
Version: v4.12.0-202412201659.p0.g8910d84.assembly.stream.el8 (< *), status: unaffected

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4.13
Default status: affected
Version: v4.13.0-202411300029.p0.g68accd9.assembly.stream.el8 (< *), status: unaffected

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4.14
Default status: affected
Version: v4.14.0-202411131205.p0.g839a801.assembly.stream.el8 (< *), status: unaffected

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4.15
Default status: affected
Version: v4.15.0-202411060036.p0.gd8360d4.assembly.stream.el8 (< *), status: unaffected

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4.16
Default status: affected
Version: v4.16.0-202410231737.p0.gf0870c3.assembly.stream.el9 (< *), status: unaffected

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4.17
Default status: affected
Version: v4.17.0-202410091535.p0.ge61f187.assembly.stream.el9 (< *), status: unaffected
No CISA KEV entry or CERT.AT advisory was found for this CVE.

EPSS metrics
Type: EPSS, Source: FIRST.org, Score: 0.51%, Percentile: 0.653

CVSS metrics
Source: secalert@redhat.com, Base Score: 8, Exploit Score: 1.3, Impact Score: 6
Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.