CVE-2024-6535

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:4865
https://access.redhat.com/errata/RHSA-2024:4871
https://access.redhat.com/security/cve/CVE-2024-6535	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2296024	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-17 03:15

Updated : 2024-07-25 16:15

NVD link : CVE-2024-6535

Mitre link : CVE-2024-6535

CVE.ORG link : CVE-2024-6535

JSON object : View

Products Affected

redhat

service_interconnect

CWE

CWE-287

Improper Authentication

CWE-1392

Use of Default Credentials

{"id": "CVE-2024-6535", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-07-17T03:15:01.890", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4865", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:4871", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6535", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."}, {"lang": "es", "value": "Se encontr\u00f3 un defecto en Skupper. Cuando Skupper se inicializa con la consola habilitada y con la autenticaci\u00f3n de la consola configurada en Openshift, configura el proxy oauth de openshift con un secreto de cookie est\u00e1tico. En determinadas circunstancias, esto puede permitir que un atacante omita la autenticaci\u00f3n en la consola Skupper mediante una cookie especialmente manipulada."}], "lastModified": "2024-07-25T16:15:04.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}