CVE-2019-10176 - Unspecified vulnerability in Redhat Openshift Container Platform 3.11/4.1

CVSS 5.4 - MEDIUM
  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: LOW
  • Integrity impact: LOW
  • Availability impact: NONE

Summary

A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack.

Vulnerable Configurations

Part         Description  Count
Application  Redhat       2

Redhat

advisories
  • rhsa
    id: RHSA-2019:2792
  • rhsa
    id: RHSA-2019:4053