CVE-2024-6535

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-1392
View all →

Vulnerability Description

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

Related Vulnerabilities

CVE-2025-1531

MEDIUM
CVSS:6.5(Medium)

Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.

CWE-13922025

CVE-2024-45068

HIGH
CVSS:7.1(High)

Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0....

CWE-13922024

CVE-2024-46899

HIGH
CVSS:7.1(High)

Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: ...

CWE-13922024

CVE-2025-2398

HIGH
CVSS:7.2(High)

A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processi...

CWE-13922025

CVE-2023-30603

CRITICAL
CVSS:9.8(Critical)

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remot...

CWE-13922023

CVE-2023-30801

CRITICAL
CVSS:9.8(Critical)

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, thi...

CWE-13922023