CVE-2020-1741 MEDIUM

Vendor: Red Hat
Product: openshift-ansible
Weakness: CWE-185
Published: April 24, 2020
Last update: August 4, 2024

CVSS base score

5.9/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specifies CORS allowed origins during installation. An attacker able to man-in-the-middle the connection between the user's browser and the OpenShift console could use this flaw to perform a phishing attack. The main threat from this vulnerability is to data confidentiality.

Key dates

02 Disclosure timeline

April 24, 2020: CVE published
August 4, 2024: Record updated