Lucene search
EclipseCVELIST:CVE-2019-17633HistoryDec 19, 2019 - 5:05 p.m.
CVE-2019-17633
2019-12-1917:05:12
CWE-352
eclipse
www.cve.org
2
For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it.
CNA Affected
[
{
"product": "Eclipse Che",
"vendor": "The Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "6.16.0 to 7.3.0 inclusive"
}
]
}
]Related
veracode
veracode
Cross-Origin Resource Sharing (CORS)
2019-12-20 04:00:09
osv
osv
CVE-2019-17633
2019-12-19 17:15:12
checkpoint_advisories
checkpoint_advisories
Eclipse Che Cross Site Request Forgery (CVE-2019-17633)
2020-03-15 00:00:00
prion
prion
Authentication flaw
2019-12-19 17:15:00
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Eclipse Che
2019-12-19 20:22:12
nvd
nvd
CVE-2019-17633
2019-12-19 17:15:12
cve
cve
CVE-2019-17633
2019-12-19 17:15:12