Reflected XSS Vulnerability in OpenShift Container Platform by Red Hat
CVE-2019-3889
4.6 MEDIUM
Summary
A reflected cross-site scripting (XSS) issue has been identified in the authorization flow of the OpenShift Container Platform. The vulnerability can allow unauthorized users to hijack user sessions by enticing users to click on specially crafted malicious links. By manipulating the response rendered in the victim's browser, an attacker may extract sensitive authorization data, potentially leading to unauthorized access to the user's account.
Affected Version(s)
atomic-openshift: openshift-online-3, openshift-enterprise-3.4 through 3.7, and openshift-enterprise-3.9 through 3.11
CVSS V3.1
Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved