Description
In OpenShift Origin 3, the cookies set in the console lack the 'secure' and 'HttpOnly' attributes.
A flaw was found in OpenShift Origin. This vulnerability may allow unauthorized access and manipulation of the console via interception and manipulation of cookies.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel8 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-tests | Not affected | | |
| Red Hat OpenShift Virtualization 4 | container-native-virtualization/cluster-network-addons-operator | Not affected | | |
| Red Hat OpenShift Virtualization 4 | container-native-virtualization/cluster-network-addons-operator-rhel9 | Not affected | | |
| Red Hat OpenStack Platform 16.2 | osp-director-provisioner-container | Not affected | | |
Source links
Additional information
Status:
Moderate
Weakness:
CWE-311
Weakness:
CWE-614
https://bugzilla.redhat.com/show_bug.cgi?id=2105433 github.com/openshift/origin: Insecure cookies in Openshift Origin in github.com/openshift/origin
5.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.3
nvd
more than 3 years ago
In OpenShift Origin 3, the cookies set in the console lack the 'secure' and 'HttpOnly' attributes.
5.3 Medium
CVSS3