CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy

🗓️ 21 Aug 2024 05:45:28Reported by redhatType

Insufficient entropy vulnerability in Openshift Consol

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2024-6508	21 Aug 202409:01	–	circl
CNNVD	Red Hat OpenShift 安全特征问题漏洞	19 Aug 202400:00	–	cnnvd
CVE	CVE-2024-6508	21 Aug 202405:45	–	cve
EUVD	EUVD-2024-2489	3 Oct 202520:07	–	euvd
Github Security Blog	Openshift Console insufficient entropy vulnerability	21 Aug 202406:32	–	github
NVD	CVE-2024-6508	21 Aug 202406:15	–	nvd
OSV	GHSA-4CRF-28C7-V4GR Openshift Console insufficient entropy vulnerability	21 Aug 202406:32	–	osv
OSV	GO-2024-3083 Openshift Console insufficient entropy vulnerability in github.com/openshift/console	30 Aug 202417:18	–	osv
Positive Technologies	PT-2024-37678 · Red Hat · Openshift Console	19 Aug 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-6508	19 Aug 202413:44	–	redhatcve

[
  {
    "packageName": "openshift-console",
    "collectionURL": "https://github.com/openshift/console",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.12",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-console",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "v4.12.0-202412201659.p0.g8910d84.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.12::el9",
      "cpe:/a:redhat:openshift:4.12::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.13",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-console",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "v4.13.0-202411300029.p0.g68accd9.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.13::el8",
      "cpe:/a:redhat:openshift:4.13::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.14",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-console",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "v4.14.0-202411131205.p0.g839a801.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.14::el9",
      "cpe:/a:redhat:openshift:4.14::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.15",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-console",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "v4.15.0-202411060036.p0.gd8360d4.assembly.stream.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.15::el9",
      "cpe:/a:redhat:openshift:4.15::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.16",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-console-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "v4.16.0-202410231737.p0.gf0870c3.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.16::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4.17",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "openshift4/ose-console-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "v4.17.0-202410091535.p0.ge61f187.assembly.stream.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:openshift:4.17::el9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:8415
access	www.access.redhat.com/errata/RHSA-2025:0014
access	www.access.redhat.com/errata/RHSA-2024:10813
access	www.access.redhat.com/errata/RHSA-2024:7922
access	www.access.redhat.com/errata/RHSA-2024:8991
access	www.access.redhat.com/security/cve/CVE-2024-6508
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2024:9620

25 Feb 2026 20:31Current

CVSS 3.18

EPSS0.00987

CWE-331