
CVE-2024-6535 – Skupper: potential authentication bypass to skupper console via forged cookies
https://notcve.org/view.php?id=CVE-2024-6535
17 Jul 2024 — A flaw was found in Skupper. When Skupper is initialized with the console enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially crafted cookie. • https://access.redhat.com/security/cve/CVE-2024-6535 • CWE-287: Improper Authentication • CWE-1392: Use of Default Credentials

CVE-2023-5056 – Skupper-operator: privilege escalation via config map
https://notcve.org/view.php?id=CVE-2023-5056
13 Nov 2023 — A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview. • https://access.redhat.com/errata/RHSA-2023:6219 • CWE-862: Missing Authorization

CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption