GHSA-4crf-28c7-v4gr

GitHub Security Advisory

OpenShift Console insufficient entropy vulnerability

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

An insufficient entropy vulnerability was found in the OpenShift Console. In the authorization code and implicit grant types, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used ineffectively. This flaw allows an attacker to log into the victim's current application account using a third-party account without any restrictions.
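The state handling that defends against this class of CSRF, as an added example that is not taken from the OpenShift Console code base: the state is drawn from the OS CSPRNG, bound to the browser session, consumed on first use and compared in constant time. The names `BeginLogin`, `VerifyCallback`, the in-memory `pending` map and the session IDs are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// pending maps a browser session ID to the state issued for its login attempt.
// Hypothetical in-memory store, not safe for concurrent use; a real service
// would keep this in its session backend.
var pending = map[string]string{}

var errBadState = errors.New("oauth2: state missing or mismatched")

// BeginLogin issues a 256-bit state from the OS CSPRNG and binds it to the session.
func BeginLogin(sessionID string) (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(buf)
	pending[sessionID] = state
	return state, nil
}

// VerifyCallback accepts the callback only if the returned state equals the one
// issued to this session. The stored value is consumed so it cannot be replayed.
func VerifyCallback(sessionID, returned string) error {
	want, ok := pending[sessionID]
	delete(pending, sessionID)
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(returned)) != 1 {
		return errBadState
	}
	return nil
}

func main() {
	// Constructed session IDs standing in for two separate browsers.
	own, _ := BeginLogin("victim-session")
	fmt.Println("own state:    ", VerifyCallback("victim-session", own))
	foreign, _ := BeginLogin("attacker-session")
	_, _ = BeginLogin("victim-session")
	// A callback carrying another session's state is rejected.
	fmt.Println("foreign state:", VerifyCallback("victim-session", foreign))
}
```
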

Affected Packages

Go github.com/openshift/console
Affected versions: 0 (last affected: 6.0.6)

Related CVEs

Key Information

GHSA ID
GHSA-4crf-28c7-v4gr
Published
August 21, 2024 6:32 AM
Last Modified
January 9, 2025 9:31 AM
CVSS Score
5.0/10
Primary Ecosystem
Go
Primary Package
github.com/openshift/console
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.