VDB
RHSA-2020%3A3727
RHSA-2020%3A3727
PUBLISHED
CVSS 3.0999999046325684 LOW
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift3/ose-docker-registry@sha256:e01939c1a1721db529b079dc80d0db7432adc96bb71678817dc688d927a9d4d7_ppc64le as a component of Red Hat OpenShift Container Platform 3.11 | *, openshift3/ose-docker-registry@sha256:e01939c1a1721db529b079dc80d0db7432adc96bb71678817dc688d927a9d4d7_ppc64le |
| Red Hat | openshift3/ose-docker-registry@sha256:e01939c1a1721db529b079dc80d0db7432adc96bb71678817dc688d927a9d4d7_ppc64le as a component of Red Hat OpenShift Container Platform 3.11 | openshift3/ose-docker-registry@sha256:e01939c1a1721db529b079dc80d0db7432adc96bb71678817dc688d927a9d4d7_ppc64le |
| Red Hat | openshift3/ose-logging-kibana5@sha256:db7cd31fd03986589b2e3e618aee85edc2383f56a9ee47c175e858f99d641f78_amd64 as a component of Red Hat OpenShift Container Platform 3.11 | * |
| Red Hat | openshift3/ose-logging-kibana5@sha256:db7cd31fd03986589b2e3e618aee85edc2383f56a9ee47c175e858f99d641f78_amd64 | |
| Red Hat | openshift3/ose-logging-kibana5@sha256:65924e84fff7fc4ace75f00b823f3412af4936066a641849aa4b3c845b25c698_ppc64le as a component of Red Hat OpenShift Container Platform 3.11 | *, * |
| Red Hat | openshift3/ose-docker-registry@sha256:2b58d801f83a732b121c74eedee3849c2137a1a534f5737483652b25f1fc66ec_amd64 as a component of Red Hat OpenShift Container Platform 3.11 | openshift3/ose-docker-registry@sha256:2b58d801f83a732b121c74eedee3849c2137a1a534f5737483652b25f1fc66ec_amd64 |
| Red Hat | openshift3/ose-logging-kibana5@sha256:65924e84fff7fc4ace75f00b823f3412af4936066a641849aa4b3c845b25c698_ppc64le as a component of Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-kibana5@sha256:65924e84fff7fc4ace75f00b823f3412af4936066a641849aa4b3c845b25c698_ppc64le |
| Red Hat | openshift3/ose-docker-registry@sha256:2b58d801f83a732b121c74eedee3849c2137a1a534f5737483652b25f1fc66ec_amd64 as a component of Red Hat OpenShift Container Platform 3.11 | *, openshift3/ose-docker-registry@sha256:2b58d801f83a732b121c74eedee3849c2137a1a534f5737483652b25f1fc66ec_amd64 |
| Red Hat | openshift3/ose-logging-kibana5@sha256:db7cd31fd03986589b2e3e618aee85edc2383f56a9ee47c175e858f99d641f78_amd64 as a component of Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-kibana5@sha256:db7cd31fd03986589b2e3e618aee85edc2383f56a9ee47c175e858f99d641f78_amd64, * |
Timeline
- Sep 16, 2020 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 4, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2020:3727 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1834550 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1853652 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3727.json advisory
- https://access.redhat.com/security/cve/CVE-2020-10743 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-10743 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-10743 advisory
- https://access.redhat.com/security/cve/CVE-2020-14040 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-14040 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-14040 advisory
- https://github.com/golang/go/issues/39491 advisory
- https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 advisory