Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13Nzk5LXY4NWotODhwZ84AA997
Skupper uses a static cookie secret for the openshift oauth-proxy
A flaw was found in Skupper. When Skupper is initialized with the console enabled and with console-auth set to openshift, it configures the openshift oauth-proxy with a static cookie secret. Because the secret is fixed rather than generated per deployment, anyone who can read it from the source or manifests can sign cookies the proxy trusts; in certain circumstances this may allow an attacker to bypass authentication to the Skupper console via a specially crafted cookie.
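To make the failure mode concrete, here is an added Go example (not Skupper's or oauth-proxy's own code) of an HMAC-signed session cookie, the general scheme oauth-proxy style front-ends use. The cookie encoding, the payload strings, and the `staticCookieSecret` placeholder are all constructed for this illustration; the real secret value and cookie layout are not reproduced. It shows that a cookie forged with the known static secret verifies, and that the same forged cookie is rejected once the deployment uses a per-install random secret, which is the class of fix the referenced commit applies.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// staticCookieSecret stands in for a cookie secret hard-coded into a deployment
// template, the class of flaw the advisory describes. It is a constructed
// placeholder, not the value Skupper actually configured.
const staticCookieSecret = "placeholder-static-cookie-secret"

// signCookie produces "<base64 payload>.<base64 HMAC-SHA256 tag>", a simplified
// signed-session cookie (assumed format, not oauth-proxy's real encoding).
func signCookie(secret []byte, payload string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(payload))
	enc := base64.RawURLEncoding
	return enc.EncodeToString([]byte(payload)) + "." + enc.EncodeToString(mac.Sum(nil))
}

// verifyCookie recomputes the tag under secret and returns the payload only when
// the tag matches, using a constant-time comparison.
func verifyCookie(secret []byte, cookie string) (string, error) {
	parts := strings.SplitN(cookie, ".", 2)
	if len(parts) != 2 {
		return "", errors.New("malformed cookie")
	}
	enc := base64.RawURLEncoding
	payload, err := enc.DecodeString(parts[0])
	if err != nil {
		return "", err
	}
	tag, err := enc.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(payload)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return "", errors.New("bad signature")
	}
	return string(payload), nil
}

// forgeCookie is what an attacker who has read the static secret can do: mint a
// cookie for any identity without ever authenticating to OpenShift.
func forgeCookie(payload string) string {
	return signCookie([]byte(staticCookieSecret), payload)
}

// newCookieSecret is the corrected pattern: a fresh 32-byte random secret per
// deployment, so nothing readable from source or manifests lets an attacker sign.
func newCookieSecret() ([]byte, error) {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	return secret, nil
}

func main() {
	forged := forgeCookie("user=attacker;role=admin")

	// Vulnerable deployment: the proxy uses the static secret, so the forged cookie is accepted.
	if who, err := verifyCookie([]byte(staticCookieSecret), forged); err == nil {
		fmt.Println("static secret: forged cookie accepted as", who)
	}

	// Fixed deployment: per-deployment random secret, so the same cookie is rejected.
	secret, err := newCookieSecret()
	if err != nil {
		panic(err)
	}
	if _, err := verifyCookie(secret, forged); err != nil {
		fmt.Println("random secret: forged cookie rejected:", err)
	}
}
```

The point is not the HMAC construction, which is sound in both cases, but key management: a signed cookie is only as strong as the secrecy of the signing key, so a secret that ships in source or in a reusable template gives every reader of that template a valid credential. When auditing a deployment, treat any cookie or session secret that is identical across installs as equivalent to no authentication on that path.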
Permalink: https://github.com/advisories/GHSA-w799-v85j-88pg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Nzk5LXY4NWotODhwZ84AA997
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 4 months ago
Updated: 5 days ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-w799-v85j-88pg, CVE-2024-6535
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6535
- https://access.redhat.com/security/cve/CVE-2024-6535
- https://bugzilla.redhat.com/show_bug.cgi?id=2296024
- https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71
- https://access.redhat.com/errata/RHSA-2024:4865
- https://access.redhat.com/errata/RHSA-2024:4871
- https://github.com/advisories/GHSA-w799-v85j-88pg
Blast Radius: 3.6
Affected Packages
go:github.com/skupperproject/skupper
Dependent packages: 3
Dependent repositories: 4
Downloads:
Affected Version Ranges: < 0.0.0-20240703184342-c26bce4079ff
Fixed in: 0.0.0-20240703184342-c26bce4079ff
All affected versions: 0.0.0-20220414145334-bed90da3936c, 0.0.0-20220426151038-1624d9356720, 0.0.0-20220503200755-1439e4431a01, 0.0.0-20220505142453-d48affc3b486, 0.0.0-20220506092449-9c5331404eda, 0.0.0-20220506113427-6448363b2da9, 0.0.0-20220509181449-659a82530dd2, 0.0.0-20221109184710-327124431536, 0.0.0-20221213172136-0fe3e54391a4, 0.0.0-20230117171301-934f987b7cf2, 0.0.0-20230118133805-e2b9f2abd6a8, 0.0.0-20230119134958-46ac3a9b8014, 0.0.0-20230203185233-148f328b288e, 0.0.0-20230207183615-9c8a6af8b69d, 0.0.0-20230208103131-919f4995517a, 0.0.0-20230208125317-8573b141ea43, 0.0.0-20230208180734-56047b5f607f, 0.0.0-20230208204553-b79f54eb5608, 0.0.0-20230209135059-b90647bf38fa, 0.0.0-20230209163629-9da4aa2315a8, 0.0.0-20230209185027-431ac10444a9, 0.0.0-20230210163546-56f48f91e628, 0.0.0-20230210195205-075c8787dcab, 0.0.0-20230210211731-043cb3246c25, 0.0.0-20230213132009-87e6029d6055, 0.0.0-20230213152015-a2f0da300445, 0.0.0-20230213171038-ca998dc08cfd, 0.0.0-20230213232533-db0618bbeffc, 0.0.0-20230227135808-8cc6f8ac852a, 0.0.0-20230228121319-f021b89c64c5, 0.0.0-20230228150722-218f24741c84, 0.0.0-20230320141500-741c9275d8d5, 0.0.0-20230321131531-a38fd0baae01, 0.0.0-20230419184729-d2fdff1a2566, 0.0.0-20230425011131-29c0afad909d, 0.0.0-20230428125413-2e2de30623da, 0.0.0-20230504160235-5257fd37ae5a, 0.0.0-20230524182310-de9d0930f015, 0.0.0-20230602180000-fa48b5f02714, 0.0.0-20230607171958-ad3a1f92fe2f, 0.0.0-20230612155559-826d37a00c6c, 0.0.0-20230623164432-4d25d21f4e24, 0.0.0-20230628155405-d9aaf1c38496, 0.0.0-20230731141812-b13293e77785, 0.0.0-20230816202317-8b23929ffa98, 0.0.0-20230824202028-72e820fd6208, 0.0.0-20230901183920-417ff58fdf9a, 0.0.0-20230918153856-4c93304a42cb, 0.0.0-20230919151207-004c638d6a7a, 0.0.0-20230919210851-8f0bdc6b261e, 0.0.0-20230920164822-6a0acae942d8, 0.0.0-20230926214304-5a63b4e51e13, 0.0.0-20231013203727-06f42e106da2, 0.0.0-20231024174001-13d3317ac68b, 0.0.0-20231024192045-739b810d04a3, 0.0.0-20231025153437-663fe7eeea40, 
0.0.0-20231025161838-aaabb95c7c40, 0.0.0-20231027101346-79b93f6298fb, 0.0.0-20231030131641-e5a7a54d8119, 0.0.0-20231030171120-e42374db3b83, 0.0.0-20231030182951-8c6efde2a044, 0.0.0-20231031021756-4875852888ef, 0.0.0-20231031144317-a4fb31739b7d, 0.0.0-20231031173819-29f9e92f799e, 0.0.0-20231101130054-48f15cb4ec73, 0.0.0-20231102163420-0b788084bacf, 0.0.0-20231103164049-fb5f8567d6b0, 0.0.0-20231103165524-68d27850e743, 0.0.0-20231103170934-e785d94e05a8, 0.0.0-20231103175003-255284a10fa8, 0.0.0-20231106181419-ab8d0c493812, 0.0.0-20231107161053-8ef361c84b6e, 0.0.0-20231107191207-c733c45a6c16, 0.0.0-20231109183821-c2e645b27e8f, 0.0.0-20231109192731-258dd707731f, 0.0.0-20231110141447-a526a0d8e08b, 0.0.0-20231110143507-716788745277, 0.0.0-20231110193854-3a8717efa67c, 0.0.0-20231113133438-285bd9fb3c7b, 0.0.0-20231115114758-1ec62f2032f5, 0.0.0-20231122132757-7c7705f687e0, 0.0.0-20231122185025-792b3b8c861d, 0.0.0-20231128114511-61b1962bdf66, 0.0.0-20231129164539-145a70691460, 0.0.0-20231130121321-8694b5404c94, 0.0.0-20231130141500-d84064289fde, 0.0.0-20231201124606-e56ac97062a5, 0.0.0-20231201181811-e3bd1d4a4dec, 0.0.0-20231204164948-fd7ae72fc4c8, 0.0.0-20231205144302-38fe369b5a30, 0.0.0-20231205193855-c0e57d39ca89, 0.0.0-20231206104419-230d4f62682b, 0.0.0-20231207172710-5da80478df68, 0.0.0-20231208200551-2cf971d36dcd, 0.0.0-20231212095922-9e1f39ff06e7, 0.0.0-20231212113530-d16a6477406a, 0.0.0-20231212174846-586bf3f04a25, 0.0.0-20231212195623-629163c2c395, 0.0.0-20231213201102-dec39ac788a9, 0.0.0-20231214200739-c841924f7142, 0.0.0-20231214215902-8c6376f5866c, 0.0.0-20231215144115-88c6b7279c10, 0.0.0-20231215151829-223de440ab83, 0.0.0-20231215175350-628277f55461, 0.0.0-20231221210459-a505998fd624, 0.0.0-20231222220119-497bb27e0038, 0.0.0-20240102152554-3537f7216211, 0.0.0-20240102173538-15a9ed5dd226, 0.0.0-20240103231304-872b00ef9f1a, 0.0.0-20240108105412-970997c97337, 0.0.0-20240110183841-d5cf769e4270, 0.0.0-20240111182551-9f5845b135ae, 0.0.0-20240115180151-95df5c9fd649, 
0.0.0-20240116131152-412dd78eaee4, 0.0.0-20240117124057-c56439e8ad2d, 0.0.0-20240117143017-7f57447735e5, 0.0.0-20240117144738-f2ca2a5b5b48, 0.0.0-20240122143727-c6fb058a9f75, 0.0.0-20240123144447-4e9bae44bbd8, 0.0.0-20240125160924-96e51a2779dc
All unaffected versions: