How severe is CVE-2024-6535?

CVE-2024-6535 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2024-6535

Name: service_interconnect
Author: redhat

5.3MEDIUM

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certai

公開日: 7/17/2024更新日: 11/21/2024

説明

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

AI分析AIによる分析

影響を受ける製品

redhatservice_interconnect

1.0

参照

https://access.redhat.com/errata/RHSA-2024:4865
https://access.redhat.com/errata/RHSA-2024:4871
https://access.redhat.com/security/cve/CVE-2024-6535
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2296024
Issue Tracking
https://access.redhat.com/errata/RHSA-2024:4865
https://access.redhat.com/errata/RHSA-2024:4871
https://access.redhat.com/security/cve/CVE-2024-6535
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2296024
Issue Tracking