Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/vulndb: potential Go vuln in github.com/openshift/console: GHSA-v3w7-g6p2-mpx7 #3289

Closed
GoVulnBot opened this issue Nov 25, 2024 · 1 comment
Labels

Comments

@GoVulnBot
Copy link

Advisory GHSA-v3w7-g6p2-mpx7 references a vulnerability in the following Go modules:

Module
github.com/openshift/console

Description:
A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to clients due to network filtering. Leveraging such an attack vector, the attacker can have an impact on other services and potentially disclose information or have other nefarious effects on the system.
The /api/dev-console/proxy/internet endpoint on the OpenShit Console allows authenticated users to ha...

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/openshift/console
      vulnerable_at: 6.0.6+incompatible
summary: OpenShift Console Server Side Request Forgery vulnerability in github.com/openshift/console
cves:
    - CVE-2024-6538
ghsas:
    - GHSA-v3w7-g6p2-mpx7
references:
    - advisory: https://github.com/advisories/GHSA-v3w7-g6p2-mpx7
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-6538
    - web: https://access.redhat.com/security/cve/CVE-2024-6538
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=2296057
source:
    id: GHSA-v3w7-g6p2-mpx7
    created: 2024-11-25T18:01:16.522198129Z
review_status: UNREVIEWED

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/632255 mentions this issue: data/reports: add 7 unreviewed reports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants