
CVE-2024-6535: Use of Default Credentials

Severity: Medium
Published: Wed Jul 17 2024 (07/17/2024, 02:25:25 UTC)
Source: CVE Database V5

Description

CVE-2024-6535 is a medium-severity vulnerability in Skupper that applies when a site is initialized with the console enabled and console-auth set to OpenShift. In that configuration the openshift oauth-proxy is given a static cookie-secret, which under certain conditions lets an attacker bypass authentication to the Skupper console by presenting a cookie signed with that known secret. The flaw does not affect confidentiality or availability, but unauthorized console access is an integrity issue. It requires no privileges or user interaction and can be exploited remotely over the network. No exploits have been reported in the wild. European organizations running Skupper with OpenShift authentication should assess their deployments and apply mitigations to prevent unauthorized console access; countries with significant OpenShift and Skupper adoption, such as Germany, France, and the UK, are more likely to be affected. Mitigation consists of replacing the default cookie secret, disabling the console if it is unused, and monitoring access logs for suspicious activity.

AI-Powered Analysis

Last updated: 11/27/2025, 20:26:44 UTC

Technical Analysis

CVE-2024-6535 is a vulnerability in the Skupper project that applies when a site is initialized with the console enabled and the console-auth setting configured for OpenShift authentication. The root cause is that the openshift oauth-proxy component is configured with a static, hardcoded cookie-secret. This secret signs the proxy's authentication cookies, and because it does not change per deployment or per session, an attacker who crafts a cookie signed with it can bypass the authentication check and gain unauthorized access to the Skupper console. The console is the web interface for managing Skupper, a tool that creates secure application network connectivity across Kubernetes clusters. The vulnerability does not directly expose confidential data or affect availability, but it compromises the integrity of the authentication process, allowing unauthorized users to perform console operations. The CVSS 3.1 base score is 5.3 (medium): the attack vector is network-based, no privileges or user interaction are required, and the scope is unchanged. No known exploits had been reported in the wild as of the publication date. Affected versions are not detailed beyond version '0', which suggests early or initial releases are impacted. The flaw was reserved and published in July 2024 by Red Hat. It matters for any environment that relies on Skupper with OpenShift authentication, because it undermines the console's access control.

Potential Impact

For European organizations, the impact of CVE-2024-6535 centers on unauthorized access to the Skupper console, which could allow attackers to manipulate network connectivity configurations between Kubernetes clusters. That could lead to unauthorized changes in network routing, potentially enabling lateral movement or exposure of internal services. Confidentiality and availability are not directly affected, but the integrity of network management is, and that can have cascading effects on operational security. Organizations running Skupper in production, especially with OpenShift as the console authentication provider, face an increased risk of unauthorized administrative access. This is particularly critical in sectors with stringent regulatory requirements such as finance, healthcare, and critical infrastructure, where unauthorized configuration changes could violate compliance or disrupt services. The absence of known exploits reduces immediate risk, but the ease of exploitation (no privileges or user interaction required) means attackers could develop exploits rapidly now that the vulnerability is public. European entities with multi-cluster Kubernetes deployments that use Skupper and OpenShift should prioritize assessment and remediation.

Mitigation Recommendations

To mitigate CVE-2024-6535, organizations should first verify whether their Skupper deployments have the console enabled with console-auth set to OpenShift. If so, they should immediately replace the static cookie-secret used by the openshift oauth-proxy with a unique, strong secret per deployment so that cookies cannot be forged. If the console is not required, disabling it entirely removes the attack surface. Monitoring and logging of Skupper console access should be enhanced to detect unusual authentication attempts or access patterns. Applying patches or updates from Skupper or Red Hat as they become available is critical. Network segmentation that restricts access to the console interface to trusted administrative networks further reduces exposure. Organizations should also review their Kubernetes and OpenShift authentication configurations to ensure no other default or static credentials are in use. Regular security audits and penetration tests focused on authentication mechanisms help identify similar weaknesses proactively.
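As an added example (not Skupper's or Red Hat's code), a short Python audit that walks a Deployment manifest for the pattern described above, a literal --cookie-secret argument on the oauth-proxy container, and rewrites it to --cookie-secret-file so that each site reads its own generated secret. The manifest, container names and mount path are constructed placeholders; the two flag names are those of openshift/oauth-proxy itself, not a Skupper-specific setting.

```python
"""Audit a Deployment manifest for a literal oauth-proxy cookie secret and
replace it with a per-deployment value read from a mounted Secret."""
import base64
import copy
import secrets

# Constructed sample manifest (not Skupper's own): the oauth-proxy sidecar
# receives its cookie secret as a literal argument, so every site rendered
# from this template signs console cookies with the same value.
SAMPLE_DEPLOYMENT = {
    "metadata": {"name": "example-console"},  # placeholder name
    "spec": {"template": {"spec": {"containers": [
        {"name": "router", "image": "example/router:1", "args": []},
        {"name": "oauth-proxy", "image": "example/oauth-proxy:1",
         "args": ["--provider=openshift",
                  "--cookie-secret=STATIC-PLACEHOLDER",
                  "--upstream=http://127.0.0.1:8080"]},
    ]}}},
}

STATIC_FLAGS = ("--cookie-secret=", "-cookie-secret=")


def find_static_cookie_secret(deployment: dict) -> list:
    """Names of containers that pass --cookie-secret as a literal argument."""
    flagged = []
    for ctr in deployment["spec"]["template"]["spec"]["containers"]:
        for arg in ctr.get("command", []) + ctr.get("args", []):
            if arg.startswith(STATIC_FLAGS):
                flagged.append(ctr["name"])
                break
    return flagged


def generate_cookie_secret(nbytes: int = 32) -> str:
    """Fresh random secret, base64-encoded, to store in a Kubernetes Secret."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


def harden(deployment: dict, secret_file: str) -> dict:
    """Copy of the manifest with the literal secret replaced by
    --cookie-secret-file. secret_file is assumed to be the mount path of a
    Secret holding generate_cookie_secret() output; only 'args' is rewritten,
    and adding the volume mount is left to the caller."""
    fixed = copy.deepcopy(deployment)
    for ctr in fixed["spec"]["template"]["spec"]["containers"]:
        ctr["args"] = [f"--cookie-secret-file={secret_file}"
                       if a.startswith(STATIC_FLAGS) else a
                       for a in ctr.get("args", [])]
    return fixed
```

Run the audit against every namespace that hosts a Skupper site; any container it flags is sharing a secret that is visible to anyone who can read the manifest.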


Technical Details

Data Version: 5.2
Assigner Short Name: redhat
Date Reserved: 2024-07-05T18:48:04.548Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 691f730d28b41f27b438b879

Added to database: 11/20/2025, 7:59:09 PM

Last enriched: 11/27/2025, 8:26:44 PM

Last updated: 1/7/2026, 8:48:55 AM
