VYPR

Console

by Openshift

Source repositories

CVEs (6)

  • CVE-2024-6508HigAug 21, 2024
    risk 0.52cvss 8.0epss 0.01

    An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows…

  • CVE-2024-7079MedJul 24, 2024
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to…

  • CVE-2020-1761MedMay 27, 2021
    risk 0.40cvss 6.1epss 0.01

    A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions…

  • CVE-2024-6538MedNov 25, 2024
    risk 0.34cvss 5.3epss 0.01

    A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't…

  • CVE-2024-7631MedMar 19, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath…

  • CVE-2020-10715MedSep 16, 2020
    risk 0.00cvss 4.3epss 0.01

    A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the…