CVE-2024-6535

5.3 MEDIUM

📋 TL;DR

CVE-2024-6535 is an authentication bypass vulnerability in Skupper's console when configured with OpenShift OAuth. Attackers can craft malicious cookies to gain unauthorized access to the Skupper console. This affects Skupper deployments with console-enabled and console-auth set to Openshift.

💻 Affected Systems

Products:
  • Skupper
Versions: All versions before the fix
Operating Systems: Linux, Container platforms running Skupper
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Skupper is initialized with both console-enabled=true and console-auth=Openshift parameters.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Skupper console, allowing unauthorized access to service mesh configuration, potential lateral movement within the cluster, and exposure of sensitive service mesh data.

🟠 Likely Case

Unauthorized access to the Skupper console leading to viewing of service mesh topology and configuration details, and potential disruption of service mesh operations.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, potentially only exposing non-sensitive console information.

🌐 Internet-Facing: MEDIUM - If Skupper console is exposed to the internet, attackers could bypass authentication, but requires specific cookie crafting knowledge.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to gain unauthorized console access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific cookies to bypass OAuth proxy authentication. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Skupper updates via Red Hat advisories RHSA-2024:4865 and RHSA-2024:4871

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-6535

Restart Required: Yes

Instructions:

1. Update Skupper to the patched version via Red Hat channels.
2. Restart Skupper components.
3. Verify that the console-auth configuration uses dynamic cookie-secret generation.

🔧 Temporary Workarounds

Disable Skupper Console (applies to: all)

Temporarily disable the vulnerable console component until patching can be completed.

skupper init --console-enabled=false

Change Authentication Method (applies to: all)

Switch from OpenShift OAuth to an alternative authentication method.

skupper init --console-auth=internal

🧯 If You Can't Patch

  • Implement network access controls to restrict Skupper console access to trusted IPs only
  • Monitor authentication logs for suspicious cookie patterns and failed authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check if Skupper is running with console-enabled=true and console-auth=Openshift in initialization parameters.

Check Version:

skupper version

Verify Fix Applied:

Verify that the Skupper version has been updated per the Red Hat advisories and that the console-auth configuration no longer uses a static cookie-secret.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Unusual cookie patterns in authentication logs
  • Access from unexpected IP addresses to Skupper console

Network Indicators:

  • HTTP requests with crafted cookie headers to Skupper console endpoint
  • Traffic to Skupper console port (default 8080) from unauthorized sources

SIEM Query:

source="skupper" AND (event="authentication_failure" OR event="cookie_validation_failed")
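The log indicators and the SIEM query above can be turned into a small offline check. The following is an added example, not part of this record or of the Skupper project: it assumes a constructed JSON-per-line log schema (fields ts, source, event, src_ip) and constructed sample lines, so a real deployment would need its own parser for Skupper and oauth-proxy output. It reproduces the SIEM query, flags a source that logs one or more failures and then a success within a short window, and lists sources outside a trusted address range.

```python
"""Detection logic for the CVE-2024-6535 log indicators.

Added example (not from the advisory or the Skupper project). The log
format below is a constructed JSON-per-line schema with fields
ts, source, event and src_ip; real Skupper / oauth-proxy logs differ.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines (assumed schema, not real Skupper output).
SAMPLE_LOGS = """
{"ts": "2024-07-10T12:00:01Z", "source": "skupper", "event": "cookie_validation_failed", "src_ip": "203.0.113.7"}
{"ts": "2024-07-10T12:00:03Z", "source": "skupper", "event": "authentication_failure", "src_ip": "203.0.113.7"}
{"ts": "2024-07-10T12:00:09Z", "source": "skupper", "event": "authentication_success", "src_ip": "203.0.113.7"}
{"ts": "2024-07-10T12:05:00Z", "source": "skupper", "event": "authentication_success", "src_ip": "10.0.5.20"}
{"ts": "2024-07-10T12:06:00Z", "source": "skupper", "event": "authentication_failure", "src_ip": "10.0.5.21"}
{"ts": "2024-07-10T12:40:00Z", "source": "skupper", "event": "authentication_success", "src_ip": "10.0.5.21"}
"""

# Event names taken from the SIEM query; the success name is an assumption.
FAILURE_EVENTS = {"authentication_failure", "cookie_validation_failed"}
SUCCESS_EVENT = "authentication_success"


def parse_logs(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def siem_matches(events):
    """Offline equivalent of:
    source="skupper" AND (event="authentication_failure"
                          OR event="cookie_validation_failed")"""
    return [e for e in events
            if e["source"] == "skupper" and e["event"] in FAILURE_EVENTS]


def failure_then_success(events, window=timedelta(minutes=5)):
    """Flag a source that logs >= 1 failure and then a success within
    `window` (the 'failed attempts followed by successful access'
    indicator). Returns one alert per qualifying success event."""
    recent = defaultdict(list)  # src_ip -> timestamps of recent failures
    alerts = []
    for e in events:
        ip = e["src_ip"]
        if e["event"] in FAILURE_EVENTS:
            recent[ip].append(e["ts"])
        elif e["event"] == SUCCESS_EVENT:
            fails = [t for t in recent[ip] if e["ts"] - t <= window]
            if fails:
                alerts.append({"src_ip": ip, "failures": len(fails),
                               "success_ts": e["ts"]})
            recent[ip].clear()  # a success ends the current sequence
    return alerts


def unexpected_sources(events, trusted=("10.0.0.0/8",)):
    """Source addresses outside the trusted ranges (the 'access from
    unexpected IP addresses' indicator). The default range is assumed."""
    nets = [ip_network(n) for n in trusted]
    return sorted({e["src_ip"] for e in events
                   if not any(ip_address(e["src_ip"]) in n for n in nets)})


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print("SIEM query matches:", len(siem_matches(evs)))
    for a in failure_then_success(evs):
        print("ALERT failure-then-success:", a)
    print("Unexpected sources:", unexpected_sources(evs))
```

On the constructed sample the first source produces a failure-then-success alert (two failures within seconds of a success), while the second internal source does not, because its failure and success are 34 minutes apart; tune the window to the console's session behaviour before relying on it.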
