Description
A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.
Report
While this CVE has been rejected and is no longer considered a vulnerability, Red Hat has updated the default CSRF protection for the Openshift Web Console to SameSite: Strict as a security hardening opportunity.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift | Not affected | | |
Additional information
Severity: Moderate
Weakness: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=2259960
openshift: existing Cross-Site Request Forgery protection insufficient for WebSocket creation
CVSS3: 4.2 Medium
Related vulnerabilities
CVSS3: 5.4
github
almost 2 years ago
CVSS3: 4.2 Medium