CVE-2020-1741

Published: 24 Apr 2020, 18:34
Last modified: 04 Aug 2024, 06:46

Vulnerability Summary

Overall Risk (default): low, 24/100
CVSS Score: 5.9 MEDIUM, v3.1 (cve.org)
EPSS Score: 0.24% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

24 Apr 2020, 18:34: Published. Vulnerability first disclosed.
04 Aug 2024, 06:46: Last Modified. Vulnerability information updated.

Description

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specifies CORS allowed origins during installation. An attacker able to man-in-the-middle the connection between the user's browser and the OpenShift console could use this flaw to perform a phishing attack. The main threat from this vulnerability is to data confidentiality.

CVSS Metrics

  • v3.1, MEDIUM, Score: 5.9, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
  • v2.0, MEDIUM, Score: 4, AV:N/AC:H/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.24% Percentile: 47%

Techniques & Countermeasures

  • CWE-697: Incorrect Comparison

    The product compares two entities in a security-relevant context, but the comparison is incorrect.

  • CWE-185: Incorrect Regular Expression

    The product specifies a regular expression in a way that causes data to be improperly matched or compared.

Affected Systems

  • red hat: openshift-ansible

    openshift-ansible-3.11

  • redhat: openshift_container_platform

    3.11
