A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specifies CORS allowed origins during installation. An attacker able to man-in-the-middle the connection between the user’s browser and the OpenShift console could use this flaw to perform a phishing attack. The main threat from this vulnerability is to data confidentiality.
CPE name | Operator | Version |
---|---|---|
origin | eq | 1.4.0-alpha.0 |
origin | eq | 1.1 |
origin | eq | 1.3.0 |
origin | eq | 1.1.3 |
origin | eq | 1.2.0 |
origin | eq | 1.3.0-rc1 |
origin | eq | 1.4.0-alpha.1 |
origin | eq | 3.7.0-rc.0 |
origin | eq | 3.9.0-alpha.2 |
origin | eq | 3.10.0-rc.0 |
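
One way to audit CORS allowed-origin patterns for the kind of over-permissiveness described in the advisory text above, as an added example that is not openshift-ansible code. The hostname, probe origins and patterns are constructed for illustration, and the allow-list is assumed to be a list of regular expressions matched unanchored against the browser's `Origin` header.

```python
import re

# Constructed values: console.example.com is a placeholder console hostname,
# not a value taken from the advisory.
TRUSTED = "https://console.example.com:8443"
PROBES = {
    # Same host over cleartext HTTP: content from this origin can be forged
    # by anyone positioned on the network path.
    "plain-http": "http://console.example.com:8443",
    # Hostnames that merely contain the trusted name.
    "suffix-lookalike": "https://console.example.com.attacker.example",
    "prefix-lookalike": "https://evil-console.example.com:8443",
}

def audit_pattern(pattern):
    """Return the sorted names of untrusted probe origins the pattern accepts.

    re.search is used on purpose: it models an unanchored matcher (assumption).
    """
    rx = re.compile(pattern)
    return sorted(name for name, origin in PROBES.items() if rx.search(origin))

def audit_allowlist(patterns):
    """Map each pattern to a finding: does it still admit the trusted origin,
    and which untrusted probes does it also admit?"""
    report = {}
    for pattern in patterns:
        report[pattern] = {
            "accepts_trusted": re.search(pattern, TRUSTED) is not None,
            "accepts_untrusted": audit_pattern(pattern),
        }
    return report

# Constructed allow-list entries, from weakest to strictest.
UNESCAPED = r"console.example.com"                    # no scheme, no anchors
SCHEMELESS = r"(?i)//console\.example\.com(:|$)"      # host pinned, scheme not
STRICT = r"^https://console\.example\.com(:8443)?$"   # scheme, host, port pinned

if __name__ == "__main__":
    for pattern, finding in audit_allowlist([UNESCAPED, SCHEMELESS, STRICT]).items():
        status = "OK" if not finding["accepts_untrusted"] else "TOO PERMISSIVE"
        print(f"{status:15} {pattern}  ->  {finding['accepts_untrusted']}")
```

A pattern is acceptable only when it admits the trusted origin and none of the probes; the scheme-less entry shows that pinning the hostname alone still lets a cleartext origin through.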