| id: GO-2024-2987 |
| modules: |
| - module: github.com/skupperproject/skupper |
| versions: |
| - fixed: 0.0.0-20240703184342-c26bce4079ff |
| summary: Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper |
| cves: |
| - CVE-2024-6535 |
| ghsas: |
| - GHSA-w799-v85j-88pg |
| references: |
| - advisory: https://github.com/advisories/GHSA-w799-v85j-88pg |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-6535 |
| - fix: https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71 |
| - web: https://access.redhat.com/security/cve/CVE-2024-6535 |
| - web: https://bugzilla.redhat.com/show_bug.cgi?id=2296024 |
| notes: |
| - fix: 'github.com/skupperproject/skupper: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version' |
| source: |
| id: GHSA-w799-v85j-88pg |
| created: 2024-07-18T16:18:19.770441-04:00 |
| review_status: UNREVIEWED |