RHCOS 6 : openshift-console (RHSA-2012:1555)
The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2012:1555 advisory. - openshift-console: CSRF attack CVE-2012-5622 Note that Nessus has not tested for this issue but has instead relied only on the application'...
CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim's...
CVE-2024-7128 Openshift-console: unauthenticated data exposure
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider "openShiftAuth" is set, these functions do not perform any authentication checks, relying instead on the...
CVE-2024-7079 Openshift-console: unauthenticated installation of helm charts
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser middleware function. Contrary to its name, this...
RHEL 6 : openshift-console (RHSA-2012:1555)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2012:1555 advisory. - openshift-console: CSRF attack CVE-2012-5622 Note that Nessus has not tested for this issue but has instead relied only on the application's...