PT-2020-14960 · Red Hat · Openshift Container Platform

Published: 2020-04-24 · Updated: 2023-02-12 · CVE-2020-1741

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenShift Container Platform versions 3.11

Description

A flaw was found in the way OpenShift Container Platform specified CORS allowed origins during installation, making it too permissive. This could allow an attacker, able to man-in-the-middle the connection between the user's browser and the OpenShift console, to perform a phishing attack. The main threat from this issue is data confidentiality.

Recommendations

For OpenShift Container Platform version 3.11, consider restricting access to the OpenShift console to minimize the risk of exploitation until a more secure configuration can be applied. As a temporary workaround, review and adjust the CORS allowed origins configuration to be more restrictive. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2020-1741
RHSA-2020:3541

Affected Products

Openshift Container Platform