CVE-2020-1741

MEDIUM

OpenShift Container Platform 3.11 - CSRF

Title source: llm

Description

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality.

References (1)

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1741

Scores

CVSS v3 5.9

EPSS 0.0024

EPSS Percentile 46.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

Details

CWE

CWE-697 CWE-185

Status published

Products (1)

redhat/openshift_container_platform 3.11

Published Apr 24, 2020

Tracked Since Feb 18, 2026