Lucene search
GoogleOSV:CVE-2019-3876HistoryApr 01, 2019 - 3:29 p.m.
CVE-2019-3876
2019-04-0115:29:01
Google
osv.dev
4
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.
Related
redhatcve
redhatcve
CVE-2019-3876
2019-03-27 00:50:11
github
github
Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability
2022-05-13 01:12:23
osv
osv
OpenShift OAuth Server XSS Vulnerability
2022-05-13 01:12:23
cve
cve
CVE-2019-3876
2019-04-01 15:29:01
nvd
nvd
CVE-2019-3876
2019-04-01 15:29:01
cvelist
cvelist
CVE-2019-3876
2019-04-01 14:15:42
prion
prion
Cross site request forgery (csrf)
2019-04-01 15:29:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-07-29 00:08:35
redhat
redhat
(RHSA-2019:1851) Moderate: OpenShift Container Platform 3.11 security update
2019-07-24 20:51:13
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2019:1851)
2019-07-25 00:00:00