Vulnerabilities > CVE-2020-10743 - Improperly Implemented Security Check for Standard vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

elastic

redhat

CWE-358

NVD

Published: 2021-06-02

Updated: 2023-02-12

Summary

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.

Vulnerable Configurations

Part	Description	Count
Application	Elastic Elastic Kibana -	1
Application	Redhat Redhat Openshift Container Platform 4.6.1 Redhat Openshift Container Platform 3.11.286	2

Common Weakness Enumeration (CWE)

CWE-358 - Improperly Implemented Security Check for Standard

References

https://bugzilla.redhat.com/show_bug.cgi?id=1834550