CVE-2020-10689

Source
https://cve.org/CVERecord?id=CVE-2020-10689
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10689.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10689
Published
2020-04-03T15:15:14.420Z
Modified
2026-04-10T04:21:33.744002Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.

References

Affected packages

Git / github.com/eclipse/che

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/che
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.9.0"
        }
    ]
}

Affected versions

4.*
4.0.0
4.0.0-RC10
4.0.0-RC11
4.0.0-RC12
4.0.0-RC13
4.0.0-RC14
4.0.0-RC4
4.0.0-RC5
4.0.0-RC6
4.0.0-RC7
4.0.0-RC8
4.0.0-RC9
4.1.0
4.2.0
4.3.0
4.3.0-RC1
4.4.0
4.5.0
4.6.0
4.7.0
4.7.0-RC1
5.*
5.0.0
5.0.0-M1
5.0.0-M3
5.0.0-M5
5.0.0-M6
5.0.0-M7
5.0.0-M8
5.1.0
5.2.0
5.4.0
5.5.0
5.7.0
5.8.0
5.9.0
Other
Docker

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10689.json"