ID CVE-2020-10743
Summary It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.
References
Vulnerable Configurations
  • cpe:2.3:a:elastic:kibana:-:*:*:*:*:*:*:*
    cpe:2.3:a:elastic:kibana:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.11.286:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:3.11.286:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:4.6.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 10-06-2021 - 18:24)
Impact:
Exploitability:
CWE CWE-358
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
Last major update 10-06-2021 - 18:24
Published 02-06-2021 - 11:15
Last modified 10-06-2021 - 18:24
Back to Top