Vulnerability Name: CVE-2020-1761 (CCN-202699)
Assigned: 2019-11-27
Published: 2020-03-16
Updated: 2022-08-05
Summary: A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.
CVSS v3 Severity:
  6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
  5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
  5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2020-1761
  Source: CCN Type: Red Hat Bugzilla Bug 1813788 (CVE-2020-1761) - CVE-2020-1761 openshift/console: access token stored in browser local storage
  Source: MISC Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1813788
  Source: XF Type: UNKNOWN openshift-cve20201761-unauth-access(202699)
  Source: CCN Type: OpenShift Web site OpenShift
Vulnerable Configuration: Configuration 1: