CVE-2020-10743
Last modified
CVE-2020-10743 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking. EPSS estimates a 0.71% chance of exploitation in the next 30 days.
Description
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Kibana | All versions |
| Red Hat | OpenShift Container Platform | 3.11.286 |
| Red Hat | OpenShift Container Platform | 4.6.1 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1834550 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
