CVE-2024-6508

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

Openshift Console insufficient entropy vulnerability in github.com/openshift/console

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

Se encontró una vulnerabilidad de entropía insuficiente en Openshift Console. En el tipo de código de autorización y el tipo de concesión implícita, el protocolo OAuth2 es vulnerable a un ataque de Cross-Site Request Forgery (CSRF) si el parámetro de estado se utiliza de manera ineficiente. Esta falla permite iniciar sesión en la cuenta de la aplicación actual de la víctima utilizando una cuenta de terceros sin ninguna restricción.