CVE-2024-12582
Published: Dec 24, 2024
Modified: May 6, 2026
CVSS v3.1 base score: 7.1
Description
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.
| Vendor | Product | Versions |
|---|---|---|
| Unknown | skupper | affected: 0 - < 1.8.3 |
| Red Hat | Service Interconnect 1 for RHEL 9 | unaffected: 1.8.3-1 - < * |
| Red Hat | Service Interconnect 1 for RHEL 9 | unaffected: 2.7.3-1 - < * |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

| Metric | Value |
|---|---|
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | Low (PR:L) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | Low (C:L) |
| Integrity | None (I:N) |
| Availability | High (A:H) |
References