Lucene search
+L

7 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-51507

Malicious code in bioql PyPI...

5.3CVSS5.1AI score0.00601EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-4366

Malicious code in bioql PyPI...

6.3CVSS5.5AI score0.00674EPSS
Exploits0References6
veracode
veracode
added 2024/07/19 8:48 a.m.20 views

Authentication Bypass

Skupper is vulnerable to Authentication Bypass. The vulnerability is due to configuring the OpenShift oauth-proxy with a static cookie-secret, which allows an attacker to bypass authentication via a specially-crafted cookie when console-auth is set to OpenShift...

5.3CVSS7.2AI score0.00528EPSS
Exploits0References8Affected Software1
osv
osv
added 2024/07/17 3:31 a.m.20 views

GHSA-W799-V85J-88PG Skupper uses a static cookie secret for the openshift oauth-proxy

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

8.2CVSS5.4AI score0.00528EPSS
Exploits0References7
github
github
added 2024/07/17 3:31 a.m.32 views

Skupper uses a static cookie secret for the openshift oauth-proxy

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS6.8AI score0.00528EPSS
Exploits0References7Affected Software1
vulnrichment
vulnrichment
added 2024/07/17 2:25 a.m.23 views

CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS6.9AI score0.00528EPSS
Exploits0References4
cvelist
cvelist
added 2024/07/17 2:25 a.m.47 views

CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS0.00528EPSS
Exploits0References4
Rows per page
Query Builder