Lucene search
GoogleOSV:GHSA-JGWG-35HF-XQRRHistoryMay 13, 2022 - 1:12 a.m.
OpenShift OAuth Server XSS Vulnerability
2022-05-1301:12:23
Google
osv.dev
6
openshift
oauth server
xss
vulnerability
x-frame-options
csrf
javascript
EPSS
0.001
Percentile
50.8%
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.
Related
redhatcve
redhatcve
CVE-2019-3876
2019-03-27 00:50:11
github
github
Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability
2022-05-13 01:12:23
cve
cve
CVE-2019-3876
2019-04-01 15:29:01
nvd
nvd
CVE-2019-3876
2019-04-01 15:29:01
cvelist
cvelist
CVE-2019-3876
2019-04-01 14:15:42
prion
prion
Cross site request forgery (csrf)
2019-04-01 15:29:00
osv
osv
CVE-2019-3876
2019-04-01 15:29:01
veracode
veracode
Cross-Site Scripting (XSS)
2019-07-29 00:08:35
redhat
redhat
(RHSA-2019:1851) Moderate: OpenShift Container Platform 3.11 security update
2019-07-24 20:51:13
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2019:1851)
2019-07-25 00:00:00