Описание
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
EPSS
5 Medium
CVSS3
6.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.
Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability
EPSS
5 Medium
CVSS3
6.3 Medium
CVSS3
4.3 Medium
CVSS2