CVE-2019-3876 MEDIUM

CVE-2019-3876

Vendor Red Hat
Product web-console
Weakness CWE-352 · CSRF
Published April 1, 2019
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

5.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.

Key dates

02Disclosure timeline

April 1, 2019 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-32273 WordPress Freetobook Responsive Widget Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-4589 DedeCMS mytag_edit.php cross-site request forgery CVE-2024-33638 WordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-10588 PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification CVE-2021-4422 POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass