Description
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could be opened in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to use clickjacking to trick a user into performing arbitrary actions in OCP's distribution of Kibana.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1834550
Scores
CVSS v3: 4.3
EPSS: 0.0071
EPSS Percentile: 48.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE: CWE-358, CWE-1021
Status: published
Products (3)
elastic/kibana
redhat/openshift_container_platform 3.11.286
redhat/openshift_container_platform 4.6.1
Published: Jun 02, 2021
Tracked Since: Feb 18, 2026