
6 matches found

OSV
added 2026/05/25 9:43 a.m., 9 views

MAL-2026-4656 Malicious code in raise-common-lib (npm)

Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2024/08/21 6:32 a.m., 6 views

GHSA-4CRF-28C7-V4GR Openshift Console insufficient entropy vulnerability

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8 CVSS, 7.7 AI score, 0.00559 EPSS
Exploits: 0, References: 10
Github Security Blog
added 2024/08/21 6:32 a.m., 13 views

Openshift Console insufficient entropy vulnerability

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8 CVSS, 7 AI score, 0.00559 EPSS
Exploits: 0, References: 10, Affected Software: 1
Cvelist
added 2024/08/21 5:45 a.m., 14 views

CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8 CVSS, 0.00559 EPSS
Exploits: 0, References: 8
Vulnrichment
added 2024/08/21 5:45 a.m., 13 views

CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8 CVSS, 7.1 AI score, 0.00559 EPSS
Exploits: 0, References: 8
CVE
added 2024/08/21 5:45 a.m., 164 views

CVE-2024-6508

The CVE-2024-6508 issue affects OpenShift Console (OAuth2) where insufficient entropy in the state parameter enables CSRF, potentially allowing login with a third-party account. Connected Red Hat advisories (RHSA) for OpenShift 4.x note this CVE is addressed by security updates in multiple releas...

8 CVSS, 7.9 AI score, 0.00559 EPSS
Exploits: 0, References: 8