CVE-2024-6535

🗓️ 17 Jul 2024 02:25:25Reported by redhatType

Skupper flaw allows authentication bypass via crafted cooki

Reporter	Title	Published	Views	Family All 16
BDU FSTEC	The vulnerability of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, allows a hacker to bypass the authentication process.	6 Aug 202400:00	–	bdu_fstec
Circl	CVE-2024-6535	17 Jul 202405:40	–	circl
Cvelist	CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies	17 Jul 202402:25	–	cvelist
EUVD	EUVD-2024-2433	3 Oct 202520:07	–	euvd
Github Security Blog	Skupper uses a static cookie secret for the openshift oauth-proxy	17 Jul 202403:31	–	github
NVD	CVE-2024-6535	17 Jul 202403:15	–	nvd
OSV	CVE-2024-6535	17 Jul 202403:15	–	osv
OSV	GHSA-W799-V85J-88PG Skupper uses a static cookie secret for the openshift oauth-proxy	17 Jul 202403:31	–	osv
OSV	GO-2024-2987 Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper	22 Jul 202418:24	–	osv
Prion	CVE-2024-6535	17 Jul 202403:15	–	prion

NVD

Node

redhat service_interconnectMatch1.0

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "0.0.0-20240703184342-c26bce4079ff",
        "versionType": "custom"
      }
    ],
    "packageName": "skupper",
    "collectionURL": "https://github.com/skupperproject/skupper",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Service Interconnect 1.4 for RHEL 9",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "service-interconnect/skupper-flow-collector-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.4.7-1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1.4::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Service Interconnect 1.4 for RHEL 9",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "service-interconnect/skupper-service-controller-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.4.7-1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1.4::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Service Interconnect 1 for RHEL 9",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "service-interconnect/skupper-flow-collector-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.5.5-1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Service Interconnect 1 for RHEL 9",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "service-interconnect/skupper-service-controller-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.5.5-1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Service Interconnect 1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "skupper",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:service_interconnect:1"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-6535
access	www.access.redhat.com/errata/RHSA-2024:4871
access	www.access.redhat.com/errata/RHSA-2024:4865

17 Jun 2026 08:18Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

EPSS0.00528

SSVC