An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.
CVE-2024-6508
Score 8.0 from GitHub Security Advisory published 2024-08-21. NVD baseline CVSS 8.0; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 8.0
- EG Score
- 8.0(medium)
- EPSS
- 42.6%
- KEV
- Not listed
Published
August 21, 2024
Last Modified
April 15, 2026
References (8)
- secalert@redhathttps://access.redhat.com/errata/RHSA-2024:10813
- secalert@redhathttps://access.redhat.com/errata/RHSA-2024:7922
- secalert@redhathttps://access.redhat.com/errata/RHSA-2024:8415
- secalert@redhathttps://access.redhat.com/errata/RHSA-2024:8991
- secalert@redhathttps://access.redhat.com/errata/RHSA-2024:9620
- secalert@redhathttps://access.redhat.com/errata/RHSA-2025:0014
- secalert@redhathttps://access.redhat.com/security/cve/CVE-2024-6508
- secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=2295777
Vendor Advisories for CVE-2024-6508(6)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2025:0014Red Hat Product SecurityHigh
Red Hat Security Advisory: OpenShift Container Platform 4.12.71 bug fix and security update
- RHSA-2024:10813Red Hat Product SecurityHigh
Red Hat Security Advisory: OpenShift Container Platform 4.13.54 bug fix and security update
- RHSA-2024:9620Red Hat Product SecurityHigh
Red Hat Security Advisory: OpenShift Container Platform 4.14.41 bug fix and security update
- RHSA-2024:8991Red Hat Product SecurityHigh
Red Hat Security Advisory: OpenShift Container Platform 4.15.38 bug fix and security update
- RHSA-2024:8415Red Hat Product SecurityHigh
Red Hat Security Advisory: OpenShift Container Platform 4.16.19 bug fix and security update
- RHSA-2024:7922Red Hat Product SecurityHigh
Red Hat Security Advisory: OpenShift Container Platform 4.17.1 bug fix and security update
Frequently asked(5)
What is CVE-2024-6508?
When was CVE-2024-6508 disclosed?
Is CVE-2024-6508 actively exploited?
What is the CVSS score of CVE-2024-6508?
How do I remediate CVE-2024-6508?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2024-6508
Is Your Infrastructure Affected by CVE-2024-6508?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.