Improperly Implemented Security Check for Standard

CVE-2020-1761

Medium

6.1/10

Summary

A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-358 - Improperly Implemented Security Check for Standard

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References

Issue

Advisory Timeline

Published May 27, 2021

Improperly Implemented Security Check for Standard

CVE-2020-1761

Summary

CWE-358 - Improperly Implemented Security Check for Standard

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS