CVE-2019-10176

Published: Aug 2, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack.

Affected (2)

Products: Redhat: Openshift Container Platform

1 product

Openshift Container Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 3.11
Redhat Openshift Container Platform	Version 4.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://access.redhat.com/errata/RHSA-2019:2792

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2019:4053

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10176

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2019:2792

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:4053

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10176

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.