Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4crf-28c7-v4gr: Openshift Console insufficient entropy vulnerability

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

ghsa
#csrf#vulnerability#git#oauth#auth

Openshift Console insufficient entropy vulnerability

High severity GitHub Reviewed Published Aug 21, 2024 to the GitHub Advisory Database • Updated Aug 21, 2024

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager