CVE-2024-6535

{"id": "CVE-2024-6535", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-17T03:15:01.890", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4865", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:4871", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6535", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."}, {"lang": "es", "value": "Se encontr\u00f3 un defecto en Skupper. Cuando Skupper se inicializa con la consola habilitada y con la autenticaci\u00f3n de la consola configurada en Openshift, configura el proxy oauth de openshift con un secreto de cookie est\u00e1tico. En determinadas circunstancias, esto puede permitir que un atacante omita la autenticaci\u00f3n en la consola Skupper mediante una cookie especialmente manipulada."}], "lastModified": "2024-09-18T09:15:06.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}