github.com/openshift/console is vulnerable to cross-site request forgery (CSRF) on proxied requests. The server did not verify anti-CSRF tokens or the source Origin header of requests. This allows an attacker to submit requests on behalf of authenticated users via a specially crafted HTML page.
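
The two checks named above, placed in front of a proxy handler, as an added Go example; it is not code from the console repository or its fix commits. The function names, the `csrf-token` cookie, the `X-CSRFToken` header, the `/proxied/path` target and the `console.example.com` origin are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Assumed cookie and header names for this example.
const csrfCookie, csrfHeader = "csrf-token", "X-CSRFToken"

// checkCSRF rejects a state-changing request unless its Origin header equals
// allowedOrigin and its header token equals the token held in the cookie.
func checkCSRF(r *http.Request, allowedOrigin string) error {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return nil // safe methods are exempt in this sketch
	}
	// Browsers serialize Origin as scheme://host[:port]; a missing value fails closed.
	if r.Header.Get("Origin") != allowedOrigin {
		return errors.New("origin not allowed")
	}
	// A cross-site page cannot read the cookie, so it cannot copy it into the header.
	c, err := r.Cookie(csrfCookie)
	tok := []byte(r.Header.Get(csrfHeader))
	if err != nil || c.Value == "" || subtle.ConstantTimeCompare([]byte(c.Value), tok) != 1 {
		return errors.New("CSRF token missing or mismatched")
	}
	return nil
}

// withCSRF runs the check before the proxy handler and answers 403 on failure.
func withCSRF(allowedOrigin string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := checkCSRF(r, allowedOrigin); err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // constructed cross-site POST without a token: prints the rejection
	r := httptest.NewRequest(http.MethodPost, "/proxied/path", nil)
	r.Header.Set("Origin", "https://attacker.example")
	fmt.Println(checkCSRF(r, "https://console.example.com"))
}
```

Because GET is exempt here, a WebSocket upgrade on a proxied path needs its own Origin check. The cookie value must be an unpredictable per-session token issued by the server.
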
Name | Operator | Version |
---|---|---|
github.com/openshift/console | eq | HEAD |
github.com/openshift/console | le | 6.0.6 |
github.com/openshift/console | le | 3.0.8 |
www.securityfocus.com/bid/105190
bugzilla.redhat.com/show_bug.cgi?id=1622372
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
github.com/openshift/console/commit/09e85eb699b5cd668d8891e544fc78a458e01a56
github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
github.com/openshift/console/pull/461