CVE-2020-10743

MEDIUM

OpenShift Container Platform - CSRF

Title source: llm

Description

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.

References (1)

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1834550

Scores

CVSS v3 4.3

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-358 CWE-1021

Status published

Products (3)

elastic/kibana

redhat/openshift_container_platform 3.11.286

redhat/openshift_container_platform 4.6.1

Published Jun 02, 2021

Tracked Since Feb 18, 2026