Description
A reflected XSS vulnerability exists in the authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting a user to click on a malicious link.
A reflected XSS vulnerability exists in the authentication flow of the OpenShift Container Platform. An attacker could use this flaw to steal authentication data by having users click a malicious link.
Statement
Since the HTTP response Content-Type is "text/plain", most browsers will not execute any JavaScript in the response content. However, if an attacker can trick a user into loading the response in an iframe, it is possible to exploit this vulnerability. Appropriate Cross-Origin Resource Sharing (CORS) allowed-domain configuration in OCP 3 should prevent an attacker from getting any response from an attacker-hosted domain. Therefore make sure that corsAllowedDomains is specified correctly in your OCP 3 master-config.yaml. See [1] for more details on an issue with corsAllowedDomains in OCP 3.

Also, content-sniffing browsers [2] do execute JavaScript even when the Content-Type HTTP response header is set to "text/plain".

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1694913
[2] https://en.wikipedia.org/wiki/Content_sniffing
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.4 | atomic-openshift | Will not fix | | |
| Red Hat OpenShift Container Platform 3.5 | atomic-openshift | Will not fix | | |
| Red Hat OpenShift Container Platform 3.6 | atomic-openshift | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.7 | atomic-openshift | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.9 | atomic-openshift | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHSA-2020:0795 | 20.03.2020 |
| Red Hat OpenShift Container Platform 4.1 | openshift4/ose-hypershift | Fixed | RHSA-2019:3722 | 07.11.2019 |
| Red Hat OpenShift Container Platform 4.2 | openshift4/ose-oauth-server-rhel7 | Fixed | RHSA-2019:3770 | 13.11.2019 |
Additional information
Status: 4.6 Medium (CVSS3)
Related vulnerabilities
A vulnerability in the Red Hat OpenShift Container Platform enterprise platform, caused by a failure to protect the structure of the web page, allows an attacker to disclose authorization data.
4.6 Medium (CVSS3)