PT-2024-37678 · Red Hat · Openshift Console
Ybuenos · Published 2024-08-19 · Updated 2025-01-09 · CVE-2024-6508
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Openshift Console (affected versions not specified)
Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code grant type and the implicit grant type of the OAuth2 protocol. Because the state parameter lacks sufficient entropy, the protocol becomes susceptible to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used ineffectively. The flaw allows an attacker to log into the victim's current application account using a third-party account without any restrictions.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
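As an added example (not code from the Openshift Console project), this is the defensive pattern the description implies: an OAuth2 state value drawn from a cryptographically secure source with enough entropy to be unguessable, bound to the browser session that started the login, compared in constant time on the callback and consumed on first use. StateStore and the session IDs are assumed names.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"sync"
)

// StateStore is a hypothetical in-memory store that binds each issued
// OAuth2 state value to the browser session that started the login.
type StateStore struct {
	mu     sync.Mutex
	states map[string]string // session ID -> pending state
}

func NewStateStore() *StateStore {
	return &StateStore{states: make(map[string]string)}
}

// NewState issues a fresh state from crypto/rand: 32 bytes, i.e. 256 bits
// of entropy, so a CSRF attacker cannot predict or brute-force the value.
func (s *StateStore) NewState(sessionID string) (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(buf)
	s.mu.Lock()
	s.states[sessionID] = state
	s.mu.Unlock()
	return state, nil
}

// Verify compares the state returned on the callback with the one issued to
// this session, in constant time, and consumes it so it cannot be replayed.
func (s *StateStore) Verify(sessionID, got string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	want, ok := s.states[sessionID]
	delete(s.states, sessionID) // single use, whether or not it matches
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(got)) != 1 {
		return errors.New("state missing or mismatched: rejecting callback as possible CSRF")
	}
	return nil
}
```

A callback that arrives with no pending state for the session, or with a state that does not match, is rejected before any account linking happens; logging those rejections gives a simple detection signal for CSRF attempts against the login flow.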

Weakness Enumeration

Related Identifiers

CVE-2024-6508
GHSA-4CRF-28C7-V4GR
GO-2024-3083

Affected Products

Openshift Console