CVE-2020-10743

Advisory lineage Upstream: 0 Downstream: 5

Downstream

SUSE-RU-2020:2072-1 SUSE-RU-2020:2161-1 SUSE-RU-2021:0351-1 SUSE-SU-2020:1901-1 SUSE-SU-2021:1962-1

Modified

Published: 02 Jun 2021, 10:54

Last modified:04 Aug 2024, 11:14

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v3.1 (nvd)

EPSS Score

0.13% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Jun 2021, 10:54

Published

Vulnerability first disclosed

04 Aug 2024, 11:14

Last Modified

Vulnerability information updated

Description

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.13%• Percentile: 32%

Techniques & Countermeasures

CWE-1021•Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
CWE-358•Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Affected Systems

Unknown•Kibana
na
redhat•openshift_container_platform
3.11.286 | 4.6.1

References (1)

https://bugzilla.redhat.com/show_bug.cgi?id=1834550