VYPR

Go modules package

github.com/openshift/console

pkg:golang/github.com/openshift/console

Vulnerabilities (3)

  • CVE-2024-7631MedMar 19, 2025
    affected <= 6.0.6

    A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath co

  • CVE-2024-6538MedNov 25, 2024
    affected <= 6.0.6

    A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't read

  • CVE-2024-6508HigAug 21, 2024
    affected <= 6.0.6

    An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging