CVE-2020-1741

Published: Apr 24, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

Exploitability: 1.6 / Impact: 4.2

Source: NVD

Description

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.

Affected (1)

Products: Redhat: Openshift Container Platform

1 product

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 3.11

Related CWEs

Incorrect Regular Expression

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.