CVE-2020-1741
openshift-ansible: cors allowed origin allows changing url protocol
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.
Se encontró un fallo en openshift-ansible. OpenShift Container Platform (OCP) versión 3.11 es muy permisivo en la manera en que especificó los orígenes permitidos por CORS durante la instalación. Un atacante, capaz de realizar un ataque de tipo man-in-the-middle en la conexión entre el navegador del usuario y la consola de OpenShift, podría usar este fallo para llevar a cabo un ataque de phishing. La principal amenaza de esta vulnerabilidad es la confidencialidad de los datos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2020-04-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-185: Incorrect Regular Expression
- CWE-697: Incorrect Comparison
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2020-1741 | 2020-08-27 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1802381 | 2020-08-27 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11" | - |
Affected
|