40 matches found
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535 Skupper: potential authentication bypass to skupper console via forged cookies
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535
CVE-2024-6535 — Skupper authentication bypass risk . The issue occurs when Skupper is initialized with console-enabled and console-auth set to OpenShift, configuring the OpenShift oauth-proxy with a static cookie-secret. Under certain circumstances, a specially-crafted cookie may bypass authentic...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
PT-2024-5369 · Skupper · Skupper
Name of the Vulnerable Software and Affected Versions: Skupper affected versions not specified Description: A flaw was found in Skupper that may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. This issue arises when Skupper is initialized with the...
RHEL 8 / 9 : skupper-cli and skupper-router (RHSA-2023:6165)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6165 advisory. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multip...
CVE-2023-5056
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...
CVE-2023-5056
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...
Design/Logic Flaw
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...
CVE-2023-5056 Skupper-operator: privelege escalation via config map
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...
CVE-2023-5056
CVE-2023-5056 involves the Skupper operator. A misconfiguration can enable creation of a service account that lets an authenticated attacker in a neighboring cluster view deployments across all namespaces, i.e., unauthorized access to information outside the user’s purview. The issue is tied to p...
The vulnerability of the Skupper package of the Red Hat Service Interconnect software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Skupper package of the Red Hat Service Interconnect software is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Important: Red Hat Security Advisory: Red Hat Service Interconnect security update
An update is now available for Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: Red Hat Security Advisory: skupper-cli and skupper-router security update
An update for skupper-cli and skupper-router is now available for Service Interconnect 1 for RHEL 8 and Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2023-5056
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of...
Skupper skupper-operator security vulnerability
Skupper skupper-operator is a Kubernetes operator from the Skupper project. Skupper skupper-operator suffers from a security vulnerability that stems from the possibility of allowing a certain configuration to create a service account that allows an authenticated attacker in a neighboring cluster...
PT-2023-7534 · Unknown · Skupper Operator
Name of the Vulnerable Software and Affected Versions: Skupper operator affected versions not specified Description: A flaw in the Skupper operator may allow an authenticated attacker in an adjacent cluster to view deployments in all namespaces, permitting unauthorized access to information outsi...