Static Cookie Secret Vulnerability in Skupper

CVE-2024-6535

5.3MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Service Interconnect 1
Vendor: CVE Published:; 17 July 2024

Summary

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 5.9 - (MEDIUM)
Jul 17, 2024
Vulnerability published.
Jul 17, 2024
Vulnerability Reserved.
Jul 5, 2024
Reported to Red Hat.
Jul 5, 2024

Collectors

NVD DatabaseMitre Database