PT-2020-12295 · Red Hat · Openshift Console

Published

2020-09-16

Updated

2020-09-28

CVE-2020-10715

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions openshift/console versions 3.11 through 4.x

Description A content spoofing issue allows an attacker to craft a URL and inject arbitrary text onto an error page, making it appear as if the text is from the OpenShift instance. This could potentially trick a user into believing the inserted text is legitimate.

Recommendations For openshift/console versions 3.11 through 4.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-10715

RHSA-2020:2992

Affected Products

Openshift Console

PT-2020-12295 · Red Hat · Openshift Console

CVE-2020-10715

Weakness Enumeration

Related Identifiers

Affected Products

References · 4