Vulnerability Description
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift | >= 4.0, <= 4.3.5 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1767665Issue TrackingPatchVendor Advisory
- https://github.com/openshift/origin-web-console/pull/3173PatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1767665Issue TrackingPatchVendor Advisory
- https://github.com/openshift/origin-web-console/pull/3173PatchThird Party Advisory
FAQ
What is CVE-2020-10715?
CVE-2020-10715 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the ...
How severe is CVE-2020-10715?
CVE-2020-10715 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10715?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift.