CVE - CVE-2019-10176

CVE-ID
CVE-2019-10176	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:RHSA-2019:2792 URL:https://access.redhat.com/errata/RHSA-2019:2792 MISC:RHSA-2019:4053 URL:https://access.redhat.com/errata/RHSA-2019:4053 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10176 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10176
Assigning CNA
Red Hat, Inc.
Date Record Created
20190327	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190327)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)