CVE-2020-1741Incorrect Regular Expression in RED HAT Openshift-ansible

CWE-185Incorrect Regular ExpressionCWE-697Incorrect Comparison7 documents6 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 53.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT Openshift-ansibleRedhat Openshift Container Platform
Timeline
PublishedApr 24
Latest updateMay 24

Description

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:NExploitability: 1.6 | Impact: 4.2

Affected Packages1 packages

CVEListV5red_hat/openshift-ansibleopenshift-ansible-3.11

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

3
GHSA
GHSA-wqfw-39gh-42cj: A flaw was found in openshift-ansible2022-05-24
CVEList
CVE-2020-1741: A flaw was found in openshift-ansible2020-04-24
Kernel
vt: selection, close sel_buffer race2020-02-10

📋Vendor Advisories

1
Red Hat
openshift-ansible: cors allowed origin allows changing url protocol2020-03-13

💬Community

2
Bugzilla
CVE-2020-27767 ImageMagick: outside the range of representable values of type 'float' at MagickCore/quantum.h2020-11-04
Bugzilla
CVE-2020-1741 openshift-ansible: cors allowed origin allows changing url protocol2020-02-13
CVE-2020-1741 — Incorrect Regular Expression in RED | cvebase