PT-2021-10108 · Red Hat · Openshift

Jason Shepherd · Published 2021-05-27 · Updated 2022-08-05 · CVE-2020-1761

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: openshift/console versions before openshift/console-4
Description: A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser.
Recommendations: For openshift/console versions before openshift/console-4, update to openshift/console-4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources that use the access token stored in the browser's local storage.

Fix

Weakness Enumeration: Improperly Implemented Security Check for Standard

Related Identifiers: CVE-2020-1761

Affected Products: Openshift