CVE Vulnerabilities

CVE-2020-1761

Published: May 27, 2021 | Modified: Aug 05, 2022

CVSS 3.x

6.1

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS 2.x

4.3 MEDIUM

RedHat/V2

RedHat/V3

6.3 MODERATE

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-1761
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

A flaw was found in the OpenShift web console, where the access token is stored in the browsers local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victims browser. This flaw affects openshift/console versions before openshift/console-4.

Affected Software

Name	Vendor	Start Version	End Version
Openshift	Redhat	*	4.0 (excluding)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1813788

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.