{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T08:53:22.843","vulnerabilities":[{"cve":{"id":"CVE-2024-6535","sourceIdentifier":"secalert@redhat.com","published":"2024-07-17T03:15:01.890","lastModified":"2024-11-21T09:49:49.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."},{"lang":"es","value":"Se encontró un defecto en Skupper. Cuando Skupper se inicializa con la consola habilitada y con la autenticación de la consola configurada en Openshift, configura el proxy oauth de openshift con un secreto de cookie estático. En determinadas circunstancias, esto puede permitir que un atacante omita la autenticación en la consola Skupper mediante una cookie especialmente manipulada."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*","matchCriteriaId":"12B0CF2B-D1E1-4E20-846E-6F0D873499A9"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:4865","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4871","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-6535","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296024","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://access.redhat.com/errata/RHSA-2024:4865","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2024-6535","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}}]}