6 matches found
MAL-2026-4656 Malicious code in raise-common-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...
GHSA-4CRF-28C7-V4GR Openshift Console insufficient entropy vulnerability
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
Openshift Console insufficient entropy vulnerability
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
CVE-2024-6508
The CVE-2024-6508 issue affects OpenShift Console (OAuth2) where insufficient entropy in the state parameter enables CSRF, potentially allowing login with a third-party account. Connected Red Hat advisories (RHSA) for OpenShift 4.x note this CVE is addressed by security updates in multiple releas...