CVE-2020-1761: Improperly Implemented Security Check for Standard in Redhat Openshift

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 63.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 27; latest update May 24

Description

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: openshift/console (openshift/console-4)
NVD: redhat/openshift (< 4.0)

Vulnerability Details (2)

GHSA: GHSA-5m75-xc7x-rg6m: A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage (2022-05-24)
CVEList: CVE-2020-1761: A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage (2021-05-27)

Vendor Advisories (1)

Red Hat: openshift/console: access token stored in browser local storage (2020-02-11)

Community (1)

Bugzilla: CVE-2020-1761 openshift/console: access token stored in browser local storage (2020-03-16)