{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6535", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-07-05T18:48:04.548Z", "datePublished": "2024-07-17T02:25:25.958Z", "dateUpdated": "2024-12-31T03:10:29.622Z"}, "containers": {"cna": {"title": "Skupper: potential authentication bypass to skupper console via forged cookies", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "0.0.0-20240703184342-c26bce4079ff", "versionType": "custom"}], "packageName": "skupper", "collectionURL": "https://github.com/skupperproject/skupper", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Service Interconnect 1.4 for RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "service-interconnect/skupper-flow-collector-rhel9", "defaultStatus": "affected", "versions": [{"version": "1.4.7-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:service_interconnect:1.4::el9"]}, {"vendor": "Red Hat", "product": "Service Interconnect 1.4 for RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "service-interconnect/skupper-service-controller-rhel9", "defaultStatus": "affected", "versions": [{"version": "1.4.7-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:service_interconnect:1.4::el9"]}, {"vendor": "Red Hat", "product": "Service Interconnect 1 for RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "service-interconnect/skupper-flow-collector-rhel9", "defaultStatus": "affected", "versions": [{"version": "1.5.5-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:service_interconnect:1::el9"]}, {"vendor": "Red Hat", "product": "Service Interconnect 1 for RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "service-interconnect/skupper-service-controller-rhel9", "defaultStatus": "affected", "versions": [{"version": "1.5.5-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:service_interconnect:1::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Service Interconnect 1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "skupper", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:service_interconnect:1"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4865", "name": "RHSA-2024:4865", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4871", "name": "RHSA-2024:4871", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6535", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024", "name": "RHBZ#2296024", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-07-17T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-1392", "description": "Use of Default Credentials", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1392: Use of Default Credentials", "timeline": [{"lang": "en", "time": "2024-07-05T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-07-17T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-12-31T03:10:29.622Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T15:24:58.883446Z", "id": "CVE-2024-6535", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T15:16:27.046Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.493Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4865", "name": "RHSA-2024:4865", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4871", "name": "RHSA-2024:4871", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6535", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024", "name": "RHBZ#2296024", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4865", "name": "RHSA-2024:4865", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4871", "name": "RHSA-2024:4871", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6535", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024", "name": "RHBZ#2296024", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.493Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6535", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T15:24:58.883446Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T16:00:10.959Z"}}], "cna": {"title": "Skupper: potential authentication bypass to skupper console via forged cookies", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "0.0.0-20240703184342-c26bce4079ff", "versionType": "custom"}], "packageName": "skupper", "collectionURL": "https://github.com/skupperproject/skupper", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:service_interconnect:1.4::el9"], "vendor": "Red Hat", "product": "Service Interconnect 1.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "1.4.7-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "service-interconnect/skupper-flow-collector-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_interconnect:1.4::el9"], "vendor": "Red Hat", "product": "Service Interconnect 1.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "1.4.7-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "service-interconnect/skupper-service-controller-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_interconnect:1::el9"], "vendor": "Red Hat", "product": "Service Interconnect 1 for RHEL 9", "versions": [{"status": "unaffected", "version": "1.5.5-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "service-interconnect/skupper-flow-collector-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_interconnect:1::el9"], "vendor": "Red Hat", "product": "Service Interconnect 1 for RHEL 9", "versions": [{"status": "unaffected", "version": "1.5.5-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "service-interconnect/skupper-service-controller-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_interconnect:1"], "vendor": "Red Hat", "product": "Red Hat Service Interconnect 1", "packageName": "skupper", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-07-05T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-07-17T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-07-17T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4865", "name": "RHSA-2024:4865", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4871", "name": "RHSA-2024:4871", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6535", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024", "name": "RHBZ#2296024", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "Use of Default Credentials"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-12-31T03:10:29.622Z"}, "x_redhatCweChain": "CWE-1392: Use of Default Credentials"}}, "cveMetadata": {"cveId": "CVE-2024-6535", "state": "PUBLISHED", "dateUpdated": "2024-12-31T03:10:29.622Z", "dateReserved": "2024-07-05T18:48:04.548Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-07-17T02:25:25.958Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."}, {"lang": "es", "value": "Se encontr\u00f3 un defecto en Skupper. Cuando Skupper se inicializa con la consola habilitada y con la autenticaci\u00f3n de la consola configurada en Openshift, configura el proxy oauth de openshift con un secreto de cookie est\u00e1tico. En determinadas circunstancias, esto puede permitir que un atacante omita la autenticaci\u00f3n en la consola Skupper mediante una cookie especialmente manipulada."}], "id": "CVE-2024-6535", "lastModified": "2024-11-21T09:49:49.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-17T03:15:01.890", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4865"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4871"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-6535"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-6535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4865", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.7-1", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4865", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.7-1", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4871", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.5.5-1", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:4871", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.5.5-1", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-07-25T00:00:00Z"}], "bugzilla": {"description": "skupper: potential authentication bypass to skupper console via forged cookies", "id": "2296024", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-1392", "details": ["A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.", "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."], "name": "CVE-2024-6535", "package_state": [{"cpe": "cpe:/a:redhat:service_interconnect:1", "fix_state": "Affected", "package_name": "skupper", "product_name": "Red Hat Service Interconnect 1"}], "public_date": "2024-07-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-6535\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6535"], "threat_severity": "Moderate"}