An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/openshift/console(Go) | 0 | N/A | N/A |
CVSS Metrics
