CVE-2024-6508 – github.com/openshift/console
Package
Manager: go
Name: github.com/openshift/console
Vulnerable Version: >=0 <=6.0.6
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
EPSS: 0.00433 (percentile 0.61893)
Details
OpenShift Console insufficient entropy vulnerability. An insufficient entropy vulnerability was found in the OpenShift Console. In the OAuth2 authorization code and implicit grant types, the protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used improperly (here, generated with insufficient entropy, CWE-331). This flaw allows logging into the victim's current application account using a third-party account without any restrictions.
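The mitigation this advisory implies, shown as an added Go example that is not OpenShift Console's own code: the OAuth2 state is drawn from crypto/rand, bound to the user's session before the redirect, and checked with a constant-time compare on the callback. The function names NewState and VerifyState are assumptions chosen for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewState returns a fresh, unguessable OAuth2 state: 32 bytes (256 bits)
// from the OS CSPRNG, URL-safe base64 encoded without padding (43 chars).
// A low-entropy or predictable state is what makes the CSRF login attack
// described in the advisory possible.
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// VerifyState checks the state returned on the callback against the one bound
// to the caller's session when the flow started. Empty values are rejected so a
// missing state can never match, and the comparison is constant-time so the
// expected value is not leaked through timing.
func VerifyState(expected, got string) error {
	if expected == "" || got == "" {
		return errors.New("missing oauth2 state")
	}
	if subtle.ConstantTimeCompare([]byte(expected), []byte(got)) != 1 {
		return errors.New("oauth2 state mismatch: possible CSRF")
	}
	return nil
}

func main() {
	// Hypothetical flow: store state in the session, then redirect with it.
	state, err := NewState()
	if err != nil {
		panic(err)
	}
	fmt.Println("redirect to authorization server with state =", state)
	fmt.Println("callback with matching state:", VerifyState(state, state))
	fmt.Println("callback with a different state:", VerifyState(state, "other"))
}
```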
Metadata
Created: 2024-08-21T06:32:18Z
Modified: 2025-01-09T09:31:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-4crf-28c7-v4gr/GHSA-4crf-28c7-v4gr.json
CWE IDs: CWE-331
Alternative ID: GHSA-4crf-28c7-v4gr
Finding: F034
Auto approve: 1