CVE-2024-6535 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-6535 PUBLISHED CVSS 5.300000190734863 MEDIUM

Skupper uses a static cookie secret for the openshift oauth-proxy

EPSS 0.07% · 21.6th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.07%

21.6th percentile

Affected Products

Vendor	Product	Versions
github.com	skupperproject/skupper	0
Red Hat	Service Interconnect 1 for RHEL 9	1.5.5-1
redhat	service_interconnect	1.0
		0
Red Hat	Red Hat Service Interconnect 1
Red Hat	Service Interconnect 1 for RHEL 9	1.5.5-1
Red Hat	Service Interconnect 1.4 for RHEL 9	1.4.7-1
Red Hat	Service Interconnect 1.4 for RHEL 9	1.4.7-1

Timeline

Jul 17, 2024 CVE Published
Jul 17, 2024 EPSS Score
Aug 7, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Sep 19, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 10, 2024 EPSS Score
Oct 31, 2024 EPSS Score
Nov 18, 2024 CVE Updated
Nov 21, 2024 EPSS Score
Dec 13, 2024 EPSS Score
Jan 4, 2025 EPSS Score

References

RHSA-2024:4865 vendor-advisory
RHSA-2024:4871 vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-6535 vdb
RHBZ#2296024 issue
https://nvd.nist.gov/vuln/detail/CVE-2024-6535 advisory
https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71 url
https://github.com/skupperproject/skupper package

Open in Interactive Console →