CORS Misconfiguration in OpenShift Container Platform by Red Hat
CVE-2020-1741

5.9 MEDIUM

Key Information:

Vendor: Red Hat
CVE Published: 24 April 2020

Summary

A flaw in OpenShift Container Platform 3.11 originates from overly permissive CORS allowed-origins configuration applied during installation. The flaw allows an attacker to man-in-the-middle the communication between a user's browser and the OpenShift console. An attacker who exploits it could mount phishing attacks, potentially compromising user data and posing serious risks to data confidentiality. It highlights the importance of properly configuring CORS settings to mitigate such threats.

Affected Version(s)

openshift-ansible openshift-ansible-3.11

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
