CVE Published: 03/04/2020 |
CVE Updated: 04/08/2024 |
CVE Year: 2020 Source: redhat |
Vendor: Red Hat |
Product: Eclipse Che Status : PUBLISHED
CVE-2020-10689 Description
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.
Metrics
CVSS Version: 3.1 |
Base Score: 6.4 MEDIUM Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* ADJACENT_NETWORK Attack Complexity (AC)* HIGH Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-862 CWE Name: CWE-862 Source: Red Hat
Common Attack Pattern Enumeration and Classification (CAPEC)