Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Theia IDE. This flaw allows an attacker to gain full access to the victim's workspace through the /services endpoint. To perform a successful attack, the attacker conducts a Man-in-the-middle attack (MITM) and tricks the victim into executing a request via an untrusted link, which performs the CSRF and the Socket hijack. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.0%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 4.6
Products affected by CVE-2020-14368
  • Eclipse » Che » Version: 4.0.0
    cpe:2.3:a:eclipse:che:4.0.0
  • Eclipse » Che » Version: 4.0.1
    cpe:2.3:a:eclipse:che:4.0.1
  • Eclipse » Che » Version: 4.1.0
    cpe:2.3:a:eclipse:che:4.1.0
  • Eclipse » Che » Version: 4.1.1
    cpe:2.3:a:eclipse:che:4.1.1
  • Eclipse » Che » Version: 4.2.0
    cpe:2.3:a:eclipse:che:4.2.0
  • Eclipse » Che » Version: 4.2.1
    cpe:2.3:a:eclipse:che:4.2.1
  • Eclipse » Che » Version: 4.2.2
    cpe:2.3:a:eclipse:che:4.2.2
  • Eclipse » Che » Version: 4.2.3
    cpe:2.3:a:eclipse:che:4.2.3
  • Eclipse » Che » Version: 4.3.0
    cpe:2.3:a:eclipse:che:4.3.0
  • Eclipse » Che » Version: 4.3.1
    cpe:2.3:a:eclipse:che:4.3.1
  • Eclipse » Che » Version: 4.3.2
    cpe:2.3:a:eclipse:che:4.3.2
  • Eclipse » Che » Version: 4.3.3
    cpe:2.3:a:eclipse:che:4.3.3
  • Eclipse » Che » Version: 4.3.4
    cpe:2.3:a:eclipse:che:4.3.4
  • Eclipse » Che » Version: 4.3.5
    cpe:2.3:a:eclipse:che:4.3.5
  • Eclipse » Che » Version: 4.4.0
    cpe:2.3:a:eclipse:che:4.4.0
  • Eclipse » Che » Version: 4.4.1
    cpe:2.3:a:eclipse:che:4.4.1
  • Eclipse » Che » Version: 4.4.2
    cpe:2.3:a:eclipse:che:4.4.2
  • Eclipse » Che » Version: 4.5.0
    cpe:2.3:a:eclipse:che:4.5.0
  • Eclipse » Che » Version: 4.5.1
    cpe:2.3:a:eclipse:che:4.5.1
  • Eclipse » Che » Version: 4.6.0
    cpe:2.3:a:eclipse:che:4.6.0
  • Eclipse » Che » Version: 4.6.1
    cpe:2.3:a:eclipse:che:4.6.1
  • Eclipse » Che » Version: 4.6.2
    cpe:2.3:a:eclipse:che:4.6.2
  • Eclipse » Che » Version: 4.7.0
    cpe:2.3:a:eclipse:che:4.7.0
  • Eclipse » Che » Version: 4.7.1
    cpe:2.3:a:eclipse:che:4.7.1
  • Eclipse » Che » Version: 4.7.2
    cpe:2.3:a:eclipse:che:4.7.2
  • Eclipse » Che » Version: 5.0.0
    cpe:2.3:a:eclipse:che:5.0.0
  • Eclipse » Che » Version: 5.0.1
    cpe:2.3:a:eclipse:che:5.0.1
  • Eclipse » Che » Version: 5.1.0
    cpe:2.3:a:eclipse:che:5.1.0
  • Eclipse » Che » Version: 5.1.1
    cpe:2.3:a:eclipse:che:5.1.1
  • Eclipse » Che » Version: 5.1.2
    cpe:2.3:a:eclipse:che:5.1.2
  • Eclipse » Che » Version: 5.10.0
    cpe:2.3:a:eclipse:che:5.10.0
  • Eclipse » Che » Version: 5.11.0
    cpe:2.3:a:eclipse:che:5.11.0
  • Eclipse » Che » Version: 5.11.1
    cpe:2.3:a:eclipse:che:5.11.1
  • Eclipse » Che » Version: 5.11.2
    cpe:2.3:a:eclipse:che:5.11.2
  • Eclipse » Che » Version: 5.12.0
    cpe:2.3:a:eclipse:che:5.12.0
  • Eclipse » Che » Version: 5.13.0
    cpe:2.3:a:eclipse:che:5.13.0
  • Eclipse » Che » Version: 5.14.0
    cpe:2.3:a:eclipse:che:5.14.0
  • Eclipse » Che » Version: 5.15.0
    cpe:2.3:a:eclipse:che:5.15.0
  • Eclipse » Che » Version: 5.16.0
    cpe:2.3:a:eclipse:che:5.16.0
  • Eclipse » Che » Version: 5.17.0
    cpe:2.3:a:eclipse:che:5.17.0
  • Eclipse » Che » Version: 5.18.0
    cpe:2.3:a:eclipse:che:5.18.0
  • Eclipse » Che » Version: 5.18.1
    cpe:2.3:a:eclipse:che:5.18.1
  • Eclipse » Che » Version: 5.19.0
    cpe:2.3:a:eclipse:che:5.19.0
  • Eclipse » Che » Version: 5.2.0
    cpe:2.3:a:eclipse:che:5.2.0
  • Eclipse » Che » Version: 5.2.1
    cpe:2.3:a:eclipse:che:5.2.1
  • Eclipse » Che » Version: 5.2.2
    cpe:2.3:a:eclipse:che:5.2.2
  • Eclipse » Che » Version: 5.20.0
    cpe:2.3:a:eclipse:che:5.20.0
  • Eclipse » Che » Version: 5.20.1
    cpe:2.3:a:eclipse:che:5.20.1
  • Eclipse » Che » Version: 5.21.0
    cpe:2.3:a:eclipse:che:5.21.0
  • Eclipse » Che » Version: 5.21.1
    cpe:2.3:a:eclipse:che:5.21.1
  • Eclipse » Che » Version: 5.22.0
    cpe:2.3:a:eclipse:che:5.22.0
  • Eclipse » Che » Version: 5.22.1
    cpe:2.3:a:eclipse:che:5.22.1
  • Eclipse » Che » Version: 5.22.2
    cpe:2.3:a:eclipse:che:5.22.2
  • Eclipse » Che » Version: 5.3.0
    cpe:2.3:a:eclipse:che:5.3.0
  • Eclipse » Che » Version: 5.3.1
    cpe:2.3:a:eclipse:che:5.3.1
  • Eclipse » Che » Version: 5.4.0
    cpe:2.3:a:eclipse:che:5.4.0
  • Eclipse » Che » Version: 5.4.1
    cpe:2.3:a:eclipse:che:5.4.1
  • Eclipse » Che » Version: 5.5.0
    cpe:2.3:a:eclipse:che:5.5.0
  • Eclipse » Che » Version: 5.6.0
    cpe:2.3:a:eclipse:che:5.6.0
  • Eclipse » Che » Version: 5.7.0
    cpe:2.3:a:eclipse:che:5.7.0
  • Eclipse » Che » Version: 5.7.1
    cpe:2.3:a:eclipse:che:5.7.1
  • Eclipse » Che » Version: 5.7.2
    cpe:2.3:a:eclipse:che:5.7.2
  • Eclipse » Che » Version: 5.8.0
    cpe:2.3:a:eclipse:che:5.8.0
  • Eclipse » Che » Version: 5.8.1
    cpe:2.3:a:eclipse:che:5.8.1
  • Eclipse » Che » Version: 5.9.0
    cpe:2.3:a:eclipse:che:5.9.0
  • Eclipse » Che » Version: 5.9.1
    cpe:2.3:a:eclipse:che:5.9.1
  • Eclipse » Che » Version: 6.0.0
    cpe:2.3:a:eclipse:che:6.0.0
  • Eclipse » Che » Version: 6.1.0
    cpe:2.3:a:eclipse:che:6.1.0
  • Eclipse » Che » Version: 6.1.1
    cpe:2.3:a:eclipse:che:6.1.1
  • Eclipse » Che » Version: 6.10.0
    cpe:2.3:a:eclipse:che:6.10.0
  • Eclipse » Che » Version: 6.11.0
    cpe:2.3:a:eclipse:che:6.11.0
  • Eclipse » Che » Version: 6.11.1
    cpe:2.3:a:eclipse:che:6.11.1
  • Eclipse » Che » Version: 6.12.0
    cpe:2.3:a:eclipse:che:6.12.0
  • Eclipse » Che » Version: 6.12.1
    cpe:2.3:a:eclipse:che:6.12.1
  • Eclipse » Che » Version: 6.12.2
    cpe:2.3:a:eclipse:che:6.12.2
  • Eclipse » Che » Version: 6.13.0
    cpe:2.3:a:eclipse:che:6.13.0
  • Eclipse » Che » Version: 6.13.1
    cpe:2.3:a:eclipse:che:6.13.1
  • Eclipse » Che » Version: 6.14.0
    cpe:2.3:a:eclipse:che:6.14.0
  • Eclipse » Che » Version: 6.14.1
    cpe:2.3:a:eclipse:che:6.14.1
  • Eclipse » Che » Version: 6.14.2
    cpe:2.3:a:eclipse:che:6.14.2
  • Eclipse » Che » Version: 6.15.0
    cpe:2.3:a:eclipse:che:6.15.0
  • Eclipse » Che » Version: 6.16.0
    cpe:2.3:a:eclipse:che:6.16.0
  • Eclipse » Che » Version: 6.17.0
    cpe:2.3:a:eclipse:che:6.17.0
  • Eclipse » Che » Version: 6.17.1
    cpe:2.3:a:eclipse:che:6.17.1
  • Eclipse » Che » Version: 6.18.0
    cpe:2.3:a:eclipse:che:6.18.0
  • Eclipse » Che » Version: 6.18.1
    cpe:2.3:a:eclipse:che:6.18.1
  • Eclipse » Che » Version: 6.18.2
    cpe:2.3:a:eclipse:che:6.18.2
  • Eclipse » Che » Version: 6.19.0
    cpe:2.3:a:eclipse:che:6.19.0
  • Eclipse » Che » Version: 6.19.1
    cpe:2.3:a:eclipse:che:6.19.1
  • Eclipse » Che » Version: 6.19.2
    cpe:2.3:a:eclipse:che:6.19.2
  • Eclipse » Che » Version: 6.19.3
    cpe:2.3:a:eclipse:che:6.19.3
  • Eclipse » Che » Version: 6.19.4
    cpe:2.3:a:eclipse:che:6.19.4
  • Eclipse » Che » Version: 6.19.5
    cpe:2.3:a:eclipse:che:6.19.5
  • Eclipse » Che » Version: 6.19.6
    cpe:2.3:a:eclipse:che:6.19.6
  • Eclipse » Che » Version: 6.2.0
    cpe:2.3:a:eclipse:che:6.2.0
  • Eclipse » Che » Version: 6.3.0
    cpe:2.3:a:eclipse:che:6.3.0
  • Eclipse » Che » Version: 6.4.0
    cpe:2.3:a:eclipse:che:6.4.0
  • Eclipse » Che » Version: 6.4.1
    cpe:2.3:a:eclipse:che:6.4.1
  • Eclipse » Che » Version: 6.5.0
    cpe:2.3:a:eclipse:che:6.5.0
  • Eclipse » Che » Version: 6.5.1
    cpe:2.3:a:eclipse:che:6.5.1
  • Eclipse » Che » Version: 6.5.2
    cpe:2.3:a:eclipse:che:6.5.2
  • Eclipse » Che » Version: 6.5.3
    cpe:2.3:a:eclipse:che:6.5.3
  • Eclipse » Che » Version: 6.6.0
    cpe:2.3:a:eclipse:che:6.6.0
  • Eclipse » Che » Version: 6.6.1
    cpe:2.3:a:eclipse:che:6.6.1
  • Eclipse » Che » Version: 6.6.2
    cpe:2.3:a:eclipse:che:6.6.2
  • Eclipse » Che » Version: 6.7.0
    cpe:2.3:a:eclipse:che:6.7.0
  • Eclipse » Che » Version: 6.7.1
    cpe:2.3:a:eclipse:che:6.7.1
  • Eclipse » Che » Version: 6.8.0
    cpe:2.3:a:eclipse:che:6.8.0
  • Eclipse » Che » Version: 6.9.0
    cpe:2.3:a:eclipse:che:6.9.0
  • Eclipse » Che » Version: 7.0.0
    cpe:2.3:a:eclipse:che:7.0.0
  • Eclipse » Che » Version: 7.1.0
    cpe:2.3:a:eclipse:che:7.1.0
  • Eclipse » Che » Version: 7.10.0
    cpe:2.3:a:eclipse:che:7.10.0
  • Eclipse » Che » Version: 7.11.0
    cpe:2.3:a:eclipse:che:7.11.0
  • Eclipse » Che » Version: 7.2.0
    cpe:2.3:a:eclipse:che:7.2.0
  • Eclipse » Che » Version: 7.3.0
    cpe:2.3:a:eclipse:che:7.3.0
  • Eclipse » Che » Version: 7.3.1
    cpe:2.3:a:eclipse:che:7.3.1
  • Eclipse » Che » Version: 7.3.2
    cpe:2.3:a:eclipse:che:7.3.2
  • Eclipse » Che » Version: 7.3.3
    cpe:2.3:a:eclipse:che:7.3.3
  • Eclipse » Che » Version: 7.4.0
    cpe:2.3:a:eclipse:che:7.4.0
  • Eclipse » Che » Version: 7.5.0
    cpe:2.3:a:eclipse:che:7.5.0
  • Eclipse » Che » Version: 7.5.1
    cpe:2.3:a:eclipse:che:7.5.1
  • Eclipse » Che » Version: 7.6.0
    cpe:2.3:a:eclipse:che:7.6.0
  • Eclipse » Che » Version: 7.7.0
    cpe:2.3:a:eclipse:che:7.7.0
  • Eclipse » Che » Version: 7.7.1
    cpe:2.3:a:eclipse:che:7.7.1
  • Eclipse » Che » Version: 7.8.0
    cpe:2.3:a:eclipse:che:7.8.0
  • Eclipse » Che » Version: 7.9.0
    cpe:2.3:a:eclipse:che:7.9.0
  • Eclipse » Che » Version: 7.9.1
    cpe:2.3:a:eclipse:che:7.9.1
  • Eclipse » Che » Version: 7.9.2
    cpe:2.3:a:eclipse:che:7.9.2


Products
Pricing
Contact Us

Shodan ® - All rights reserved