CVE-2020-10743: Improperly Implemented Security Check for Standard in Kibana

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 67.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 2; Latest update May 24

Description

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user, for example through clickjacking, into performing arbitrary actions in OCP's distribution of Kibana.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (1 package)

CVEListV5: elastic/kibana, OpenShift Container Platform 3.11.286 and OpenShift Container Platform 4.6.1

Also affects: OpenShift Container Platform 3.11.286, 4.6.1

🔴 Vulnerability Details (2)

GHSA: GHSA-5h6f-94qc-p3v7: It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and ma (2022-05-24)
CVEList: CVE-2020-10743: It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and ma (2021-06-02)

📋 Vendor Advisories (1)

Red Hat: kibana: X-Frame-Option not set by default might lead to clickjacking (2020-01-27)

💬 Community (1)

Bugzilla: CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking (2020-05-11)