VYPR
High severityGHSA Advisory· Published Jul 17, 2024· Updated Nov 20, 2025

Skupper: potential authentication bypass to skupper console via forged cookies

CVE-2024-6535

Description

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/skupperproject/skupperGo
< 0.0.0-20240703184342-c26bce4079ff0.0.0-20240703184342-c26bce4079ff

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.