Lucene search
K

40 matches found

NVD
NVD
added 2024/07/17 3:15 a.m.42 views

CVE-2024-6535

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS0.00528EPSS
Exploits0References4
OSV
OSV
added 2024/07/17 3:15 a.m.7 views

CVE-2024-6535

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS6AI score0.00528EPSS
Exploits0References4
Prion
Prion
added 2024/07/17 3:15 a.m.19 views

CVE-2024-6535

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS0.00528EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/07/17 2:25 a.m.45 views

CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS0.00528EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/17 2:25 a.m.23 views

CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS6.9AI score0.00528EPSS
Exploits0References4
CVE
CVE
added 2024/07/17 2:25 a.m.113 views

CVE-2024-6535

CVE-2024-6535 — Skupper authentication bypass risk . The issue occurs when Skupper is initialized with console-enabled and console-auth set to OpenShift, configuring the OpenShift oauth-proxy with a static cookie-secret. Under certain circumstances, a specially-crafted cookie may bypass authentic...

5.3CVSS5.5AI score0.00528EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2024/07/17 2:24 a.m.24 views

CVE-2024-6535

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...

5.3CVSS5.7AI score0.00528EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.5 views

PT-2024-5369 · Skupper · Skupper

Name of the Vulnerable Software and Affected Versions: Skupper affected versions not specified Description: A flaw was found in Skupper that may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. This issue arises when Skupper is initialized with the...

8.2CVSS6.8AI score0.00528EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.50 views

RHEL 8 / 9 : skupper-cli and skupper-router (RHSA-2023:6165)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6165 advisory. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multip...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References9
OSV
OSV
added 2023/12/18 2:15 p.m.7 views

CVE-2023-5056

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...

4.1CVSS5.5AI score0.00273EPSS
Exploits0References3
NVD
NVD
added 2023/12/18 2:15 p.m.38 views

CVE-2023-5056

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...

6.8CVSS0.00273EPSS
Exploits0References3
Prion
Prion
added 2023/12/18 2:15 p.m.13 views

Design/Logic Flaw

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...

2.7CVSS6.4AI score0.00273EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/18 1:43 p.m.40 views

CVE-2023-5056 Skupper-operator: privelege escalation via config map

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...

6.8CVSS6.4AI score0.00273EPSS
Exploits0References3
CVE
CVE
added 2023/12/18 1:43 p.m.95 views

CVE-2023-5056

CVE-2023-5056 involves the Skupper operator. A misconfiguration can enable creation of a service account that lets an authenticated attacker in a neighboring cluster view deployments across all namespaces, i.e., unauthorized access to information outside the user’s purview. The issue is tied to p...

6.8CVSS4.9AI score0.00273EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/12/11 12:0 a.m.8 views

The vulnerability of the Skupper package of the Red Hat Service Interconnect software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Skupper package of the Red Hat Service Interconnect software is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

6.8CVSS6AI score0.00273EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/31 6:3 p.m.62 views

Important: Red Hat Security Advisory: Red Hat Service Interconnect security update

An update is now available for Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

6.8CVSS6.2AI score0.00273EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/10/30 8:22 a.m.69 views

Important: Red Hat Security Advisory: skupper-cli and skupper-router security update

An update for skupper-cli and skupper-router is now available for Service Interconnect 1 for RHEL 8 and Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References6
RedhatCVE
RedhatCVE
added 2023/10/26 3:57 p.m.41 views

CVE-2023-5056

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...

6.8CVSS6.5AI score0.00273EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.4 views

Skupper skupper-operator security vulnerability

Skupper skupper-operator is a Kubernetes operator from the Skupper project. Skupper skupper-operator suffers from a security vulnerability that stems from the possibility of allowing a certain configuration to create a service account that allows an authenticated attacker in a neighboring cluster...

6.8CVSS6.6AI score0.00273EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/09/18 12:0 a.m.6 views

PT-2023-7534 · Unknown · Skupper Operator

Name of the Vulnerable Software and Affected Versions: Skupper operator affected versions not specified Description: A flaw in the Skupper operator may allow an authenticated attacker in an adjacent cluster to view deployments in all namespaces, permitting unauthorized access to information outsi...

6.8CVSS5.1AI score0.00273EPSS
Exploits0References8
Rows per page
Query Builder