A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/skupperproject/skupper(Go) | 0 | 0.0.0-20240703184342-c26bce4079ff | N/A |
CVSS Metrics
