77 matches found
CVE-2024-6508
The CVE-2024-6508 issue affects OpenShift Console (OAuth2) where insufficient entropy in the state parameter enables CSRF, potentially allowing login with a third-party account. Connected Red Hat advisories (RHSA) for OpenShift 4.x note this CVE is addressed by security updates in multiple releas...
CVE-2024-6508
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
PT-2024-37678 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: Openshift Console affected versions not specified Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...
CVE-2024-7128 Openshift-console: unauthenticated data exposure
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider "openShiftAuth" is set, these functions do not perform any authentication checks, relying instead on the...
CVE-2024-7128
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider "openShiftAuth" is set, these functions do not perform any authentication checks, relying instead on the...
PT-2024-38095 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: OpenShift console affected versions not specified Description: A flaw was found in the OpenShift console, where several endpoints use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider is se...
CVE-2024-7079
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...
CVE-2024-7079 Openshift-console: unauthenticated installation of helm charts
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...
CVE-2024-7079
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...
PT-2024-38065 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: Openshift console affected versions not specified Description: A flaw was found in the Openshift console, specifically in the /API/helm/verify endpoint, which is responsible for fetching and verifying the installation of a Helm chart from a...
PT-2024-5369 · Skupper · Skupper
Name of the Vulnerable Software and Affected Versions: Skupper affected versions not specified Description: A flaw was found in Skupper that may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. This issue arises when Skupper is initialized with the...
PT-2024-37698 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: OpenShift Console affected versions not specified Description: A flaw was found in OpenShift Console, allowing a Server Side Request Forgery SSRF attack to occur if an attacker supplies all or part of a URL to the server to query. The server,...
CVE-2023-0813
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
CVE-2023-0813
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
Authentication flaw
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
CVE-2023-0813 Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
PT-2023-16542 · Red Hat +1 · Openshift Console +1
Name of the Vulnerable Software and Affected Versions: OpenShift console affected versions not specified Description: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced,...
CVE-2023-0813
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.5 bug fix and security update
Red Hat OpenShift Container Platform release 4.11.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.56 security and bug fix update
Red Hat OpenShift Container Platform release 4.7.56 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...