CyberSec.Space Logo
Back to CVE Browser

CVE-2020-1741

MEDIUM
5.9
CVSS Severity Score
EPSS Score0.0910%
EPSS Percentile10.46th
PublishedApr 24, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.

Affected Platforms (CPE)

📦
Redhat

Openshift Container Platform

= 3.11

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741

Related Vulnerabilities

CVE-2019-38999.8

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interfac...

CVE-2019-148198.8

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service acc...

CVE-2018-108438.5

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vuln...

CVE-2021-201988.1

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of Ope...

CVE-2020-1741 Detail & Impact Analysis | CVSS 5.9 (MEDIUM) | Cyber-Sec.Space | Cyber-Sec.Space