blob: d4632301732cf9de8a35d646dd4cc2c13c6dd126 [file] [log] [blame]
id: GO-2024-2987
modules:
- module: github.com/skupperproject/skupper
versions:
- fixed: 0.0.0-20240703184342-c26bce4079ff
summary: Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper
cves:
- CVE-2024-6535
ghsas:
- GHSA-w799-v85j-88pg
references:
- advisory: https://github.com/advisories/GHSA-w799-v85j-88pg
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-6535
- fix: https://github.com/skupperproject/skupper/commit/d2cb3782e807853694ee66b6e3d4a1917485eb71
- web: https://access.redhat.com/security/cve/CVE-2024-6535
- web: https://bugzilla.redhat.com/show_bug.cgi?id=2296024
notes:
- fix: 'github.com/skupperproject/skupper: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version'
source:
id: GHSA-w799-v85j-88pg
created: 2024-07-18T16:18:19.770441-04:00
review_status: UNREVIEWED