CVE-2020-10715

low-risk
Published 2020-09-16

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.

Do I need to act?

-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Redhat

References (4)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1767665
Patch https://github.com/openshift/origin-web-console/pull/3173
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1767665
Patch https://github.com/openshift/origin-web-console/pull/3173
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low