Vulnerability Details CVE-2019-3876
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 4.3
References
Products affected by CVE-2019-3876
-
cpe:2.3:a:redhat:openshift_container_platform:3.0
-
cpe:2.3:a:redhat:openshift_container_platform:3.1
-
cpe:2.3:a:redhat:openshift_container_platform:3.10
-
cpe:2.3:a:redhat:openshift_container_platform:3.11
-
cpe:2.3:a:redhat:openshift_container_platform:3.2
-
cpe:2.3:a:redhat:openshift_container_platform:3.3
-
cpe:2.3:a:redhat:openshift_container_platform:3.4
-
cpe:2.3:a:redhat:openshift_container_platform:3.5
-
cpe:2.3:a:redhat:openshift_container_platform:3.6
-
cpe:2.3:a:redhat:openshift_container_platform:3.7
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.14
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.23
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.42-2
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.44
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.46
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.52
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.53
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.54
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.57
-
cpe:2.3:a:redhat:openshift_container_platform:3.7.61
-
cpe:2.3:a:redhat:openshift_container_platform:3.8
-
cpe:2.3:a:redhat:openshift_container_platform:3.9
-
cpe:2.3:a:redhat:openshift_container_platform:3.9.31