CVE-2019-14860
MEDIUMRed Hat Fuse < 7.5.0 - Permissive Cross-domain Security Policy with Untrusted Domains
Title source: llmDescription
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14860
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3892
Scores
CVSS v3
6.5
EPSS
0.0117
EPSS Percentile
63.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-942
Status
published
Products (2)
redhat/fuse
< 7.5.0
redhat/syndesis
Published
Nov 08, 2019
Tracked Since
Feb 18, 2026