CVE-2020-10715

Published: Sep 16, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.

Affected (2)

Products: Redhat: Openshift

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	From 4.0 to 4.3.5
Redhat Openshift	Version 3.11

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1767665

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://github.com/openshift/origin-web-console/pull/3173

Source: secalert@redhat.com

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1767665

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://github.com/openshift/origin-web-console/pull/3173

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.