Red Hat Service Interconnect
Recent Red Hat Service Interconnect Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2025:9895 | (RHSA-2025:9895) Important: Red Hat Service Interconnect security update | June 30, 2025 |
| RHSA-2024:4865 | (RHSA-2024:4865) Moderate: Red Hat Service Interconnect security update | July 25, 2024 |
| RHSA-2024:4126 | (RHSA-2024:4126) Important: Red Hat Service Interconnect 1.4.5 Release security update | June 26, 2024 |
| RHSA-2024:4125 | (RHSA-2024:4125) Important: Red Hat Service Interconnect 1.4.5 Release security update | June 26, 2024 |
| RHSA-2024:4034 | (RHSA-2024:4034) Important: Red Hat Service Interconnect 1.5.4 Release security update (images) | June 20, 2024 |
| RHSA-2024:1901 | (RHSA-2024:1901) Moderate: Red Hat Service Interconnect 1.5.3 Release (images) | April 18, 2024 |
| RHSA-2023:6219 | (RHSA-2023:6219) Important: Red Hat Service Interconnect security update | October 31, 2023 |
| RHSA-2023:4003 | (RHSA-2023:4003) Moderate: Red Hat Service Interconnect 1.4 Release security update | July 10, 2023 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Service Interconnect. Service Interconnect did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 6.60 |
| 2023 | 2 | 7.15 |
It may take a day or so for new Service Interconnect vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Service Interconnect Security Vulnerabilities
Skupper Console Authentication Bypass and Resource Exhaustion Vulnerability
CVE-2024-12582, 7.1 - High, December 24, 2024
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.
Authentication Bypass by Primary Weakness
Uninitialized Buffer in Go FIPS OpenSSL May Cause False HMAC Match
CVE-2024-9355, 6.5 - Medium, October 01, 2024
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed HMAC sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Use of Uninitialized Variable
Skupper Console Bypass via Static Cookie-Secret in OAuth-Proxy
CVE-2024-6535, 5.3 - Medium, July 17, 2024
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.
1392
Memory Leak in Go RSA (golang-fips/openssl) Leads to Resource Exhaustion
CVE-2024-1394, 7.5 - High, March 21, 2024
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
Memory Leak
Skupper Operator Auth Bypass Allows Cross-Cluster Deployment Visibility
CVE-2023-5056, 6.8 - Medium, December 18, 2023
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.
AuthZ
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487, 7.5 - High, October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion