A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed…
redhat·CWE-185·Published 2020-04-24
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.
Se encontró un fallo en openshift-ansible. OpenShift Container Platform (OCP) versión 3.11 es muy permisivo en la manera en que especificó los orígenes permitidos por CORS durante la instalación. Un atacante, capaz de realizar un ataque de tipo man-in-the-middle en la conexión entre el navegador del usuario y la consola de OpenShift, podría usar este fallo para llevar a cabo un ataque de phishing. La principal amenaza de esta vulnerabilidad es la confidencialidad de los datos.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.0 | 4.9 | 4.9 | AV:N/AC:H/Au:N/C:P/I:P/A:N |
| 3.1 | Primary | cve.org | 5.9 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N |
| 3.1 | Primary | cve.org | 5.9 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N |
| 3.1 | Primary | NVD | 5.9 | 1.6 | 4.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N |
| 3.1 | Secondary | NVD | 5.9 | 1.6 | 4.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N |