Security Advisory

CVE-2024-6508

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-21 05:45:28

Last updated 2026-02-25 20:31:31

Assigner redhat

State PUBLISHED

Description

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

← Browse all CVEs View on cve.org ↗