CVE-2024-6508
Openshift-console: oauth2 insufficient state parameter entropy
CVSS Score
8.0
EPSS Score
0.0%
EPSS Percentile
0th
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victimβs current application account using a third-party account without any restrictions.
| CWE | CWE-331 |
| Published | Aug 21, 2024 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new high vulnerabilities are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:10813 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:7922 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8415 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:8991 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:9620 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:0014 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-6508 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2295777