CVE-2020-10743

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10743

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10743.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-10743

Related

Published

2021-06-02T11:15:07Z

Modified

2024-09-03T03:18:26.156539Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1834550

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type: GIT
Repo: https://github.com/elastic/kibana
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3ff0f9b07dbcf2f7552d204777ee426885886609

Affected versions

v4.*

v4.0.0

v4.0.0-beta1

v4.0.0-beta1.1

v4.0.0-beta2

v4.0.0-beta3

v4.0.0BETA1

v4.1.0

v4.2.0-beta1

v4.6.0

v4.6.1