An insufficient entropy vulnerability was found in the OpenShift Console. In the OAuth2 authorization code and implicit grant flows, the client is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is generated with too little randomness (CWE-331), because an attacker can then predict or forge a value the client will accept on the redirect URI. This flaw allows an attacker to complete an OAuth2 login in the victim's current application session using a third-party account of the attacker's choosing, without any further restriction.
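The CSRF described above hinges on two properties of the state parameter: it must be unpredictable, and the client must check on the callback that it belongs to the browser session that started the flow, and consume it once. The Go program below is an added illustration written for this page; it is not openshift-console's code and not the fix for this CVE. The `weakState`, `newState`, `stateStore`, `Begin` and `Complete` names, and the session identifiers, are assumptions for the example; the weak generator only stands in for the class of low-entropy source CWE-331 describes.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// weakState models the CWE-331 flaw: a state value drawn from a low-entropy
// source. Here it is derived from the minute the flow started, so anyone who
// knows roughly when the victim began logging in can reproduce it. Constructed
// for illustration; this is not how openshift-console generated its state.
func weakState(now time.Time) string {
	return fmt.Sprintf("%d", now.Unix()/60)
}

// newState returns 256 bits from crypto/rand, base64url-encoded without
// padding (43 characters), which is the kind of value a client should send.
func newState() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

var errBadState = errors.New("oauth2: state missing, unknown, already used, or bound to another session")

// stateStore binds every issued state to the browser session that started the
// authorization request. A callback can then only complete the login for the
// session that asked for it, and only once.
type stateStore struct {
	mu      sync.Mutex
	pending map[string]string // state -> session ID that issued it
}

func newStateStore() *stateStore {
	return &stateStore{pending: make(map[string]string)}
}

// Begin issues a fresh state for sessionID and records it as pending. The
// caller puts this value in the authorization request's state parameter.
func (s *stateStore) Begin(sessionID string) (string, error) {
	st, err := newState()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[st] = sessionID
	return st, nil
}

// Complete consumes the state returned on the redirect URI. It rejects a
// state that was never issued, was already consumed, or was issued to a
// different session. The third case is the login-CSRF scenario: the attacker
// started the flow with their own third-party account, so the state is bound
// to the attacker's session, not the victim's.
func (s *stateStore) Complete(sessionID, state string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	owner, ok := s.pending[state]
	if !ok {
		return errBadState
	}
	delete(s.pending, state) // single use, whether or not the check below passes
	if subtle.ConstantTimeCompare([]byte(owner), []byte(sessionID)) != 1 {
		return errBadState
	}
	return nil
}

func main() {
	now := time.Now()
	fmt.Println("weak state, two requests in the same minute:",
		weakState(now), weakState(now.Add(20*time.Second)))

	store := newStateStore()
	victimState, _ := store.Begin("victim-session")
	attackerState, _ := store.Begin("attacker-session")

	// The victim's browser is lured to a callback URL carrying the attacker's state.
	fmt.Println("attacker's state in victim's session:", store.Complete("victim-session", attackerState))
	// The genuine callback for the victim's own request succeeds exactly once.
	fmt.Println("victim's own state:", store.Complete("victim-session", victimState))
	fmt.Println("replayed state:", store.Complete("victim-session", victimState))
}
```

The session binding is what makes randomness sufficient rather than merely present: a high-entropy state that the client accepts from any session still lets an attacker forward their own callback URL to the victim. Storing the state server-side keyed by session is one way to bind it; a signed cookie or an HMAC over the session ID works equally well, as long as the comparison is constant-time and the value is not accepted twice.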
History
Wed, 21 Aug 2024 14:30:00 +0000

Type | Values Removed | Values Added
---|---|---
Metrics | | ssvc
Wed, 21 Aug 2024 06:00:00 +0000

Type | Values Removed | Values Added
---|---|---
Title | openshift-console: OAuth2 insufficient state parameter entropy | Openshift-console: oauth2 insufficient state parameter entropy
First Time appeared | | Redhat, Redhat openshift
CPEs | | cpe:/a:redhat:openshift:4
Vendors & Products | | Redhat, Redhat openshift
References | |
Mon, 19 Aug 2024 19:15:00 +0000

Type | Values Removed | Values Added
---|---|---
Description | | An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim's current application account using a third-party account without any restrictions.
Title | | openshift-console: OAuth2 insufficient state parameter entropy
Weaknesses | | CWE-331
References | |
Metrics | | threat_severity, cvssV3_1
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-08-21T05:45:28.303Z
Updated: 2024-09-17T08:15:08.940Z
Reserved: 2024-07-04T11:10:33.464Z
Link: CVE-2024-6508
Vulnrichment
Updated: 2024-08-21T13:37:42.967Z
NVD
Status : Awaiting Analysis
Published: 2024-08-21T06:15:08.120
Modified: 2024-08-21T12:30:33.697
Link: CVE-2024-6508