Cross-Origin Resource Sharing Misconfiguration in Syndesis by Red Hat
CVE-2019-14860

7.4HIGH

Key Information:

Vendor: [unknown]
Status: Syndesis
Vendor: CVE Published:; 8 November 2019

What is CVE-2019-14860?

The Syndesis application by Red Hat was found to have a configuration issue related to Cross-Origin Resource Sharing (CORS), which allowed unrestricted access from all origins. This misconfiguration could be exploited by attackers to carry out phishing attacks and gain unauthorized access to sensitive information, thus posing a significant risk to users and systems interacting with Syndesis.

Affected Version(s)

syndesis

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14860

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2019:3892

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2019
Vulnerability Reserved
Aug 10, 2019

[unknown]

What is CVE-2019-14860?

Affected Version(s)

References

CVSS V3.1

Timeline