CVE-2024-12582
- EPSS 0.23%
- Published 24.12.2024 04:15:05
- Last modified 13.02.2025 14:15:28
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method i...
CVE-2024-6535
- EPSS 0.07%
- Published 17.07.2024 03:15:01
- Last modified 21.11.2024 09:49:49
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to byp...
CVE-2023-5056
- EPSS 0.05%
- Published 18.12.2023 14:15:10
- Last modified 21.11.2024 08:40:59
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.