Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2019-3876 A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | CVSS3: 5 | 0% (Low) | almost 7 years ago |
| CVE-2019-3876 A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | CVSS3: 6.3 | 0% (Low) | almost 7 years ago |
| GHSA-jgwg-35hf-xqrr Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability | CVSS3: 6.3 | 0% (Low) | more than 3 years ago |