Headline
GHSA-4crf-28c7-v4gr: Openshift Console insufficient entropy vulnerability
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
Openshift Console insufficient entropy vulnerability
High severity GitHub Reviewed Published Aug 21, 2024 to the GitHub Advisory Database • Updated Aug 21, 2024