QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-6535

Back to search

CVE-2024-6535

Published: Jul 17, 2024

Modified: Nov 20, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

VendorProductVersions

Unknown

skupper

affected
0 - < 0.0.0-20240703184342-c26bce4079ff

Red Hat

Service Interconnect 1.4 for RHEL 9

unaffected
1.4.7-1 - < *

Red Hat

Service Interconnect 1.4 for RHEL 9

unaffected
1.4.7-1 - < *

Red Hat

Service Interconnect 1 for RHEL 9

unaffected
1.5.5-1 - < *

Red Hat

Service Interconnect 1 for RHEL 9

unaffected
1.5.5-1 - < *

Red Hat

Red Hat Service Interconnect 1

All versions

Weaknesses (CWE)

CWE-1392

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

RHSA-2024:4865
vendor-advisory
x_refsource_REDHAT
RHSA-2024:4871
vendor-advisory
x_refsource_REDHAT
RHBZ#2296024
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now