Insufficient Entropy Vulnerability in Red Hat Openshift Console Allows CSRF Attacks
CVE-2024-6508

8HIGH

Key Information:

Status
Red Hat Openshift Container Platform 4.12
Red Hat Openshift Container Platform 4.13
Red Hat Openshift Container Platform 4.14
Vendor
CVE Published:
21 August 2024

What is CVE-2024-6508?

An insufficient entropy vulnerability has been identified in the OpenShift Console provided by Red Hat. This vulnerability affects the OAuth2 protocol, specifically the authorization code type and implicit grant type. In scenarios where the state parameter is not efficiently used, the system becomes susceptible to Cross-Site Request Forgery (CSRF) attacks. An attacker could exploit this flaw to gain unauthorized access to a victim's application account using their credentials from a third-party account, posing significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2024:10813
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:7922
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8415
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.