CVE-2020-1761

Medium

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this…

redhat·CWE-358·Published 2021-05-27

CVSS

6.1

EPSS

0.01

KEV

Exploits

cve.orgen

301 chars

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.

NVDen

301 chars

NVDes

373 chars

Se encontró un fallo en la consola web de OpenShift, donde el token de acceso es guardado en el almacenamiento local del navegador. Un atacante puede usar este fallo para obtener el token de acceso por medio de un acceso físico o un ataque de tipo XSS en el navegador de la víctima. Este fallo afecta a openshift/console versiones anteriores a openshift/console-4

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N