Back to bug 1330233
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2016-04-25 17:06:17 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-25 17:06:17 UTC | Doc Type | --- | Bug Fix |
| Kurt Seifried | 2016-04-25 17:09:43 UTC | Depends On | 1329720 | |
| Kurt Seifried | 2016-04-25 17:12:29 UTC | Blocks | 1330234 | |
| Kurt Seifried | 2016-04-25 17:14:38 UTC | CC | jliggitt | |
| Kurt Seifried | 2016-04-28 19:41:35 UTC | CC | sdodson | |
| Kurt Seifried | 2016-04-28 19:45:07 UTC | Depends On | 1331564 | |
| Kurt Seifried | 2016-05-06 18:55:45 UTC | Doc Text | An origin validation vulnerability was found in OpenShift Enterprise. Specifically an attacker may be able to access API credentials stored in a web browsers localStorage if anonymous access is granted to service/proxy or pod/proxy API for a specific pod and an authorized access_token is provided int he query parameter. | |
| Kurt Seifried | 2016-05-06 23:27:19 UTC | Doc Text | An origin validation vulnerability was found in OpenShift Enterprise. Specifically an attacker may be able to access API credentials stored in a web browsers localStorage if anonymous access is granted to service/proxy or pod/proxy API for a specific pod and an authorized access_token is provided int he query parameter. | An origin validation vulnerability was found in OpenShift Enterprise. Specifically an attacker may be able to access API credentials stored in a web browsers localStorage if anonymous access is granted to service/proxy or pod/proxy API for a specific pod and an authorized access_token is provided in the query parameter allowing the attacker to access other accounts. |
| Martin Prpič | 2016-05-10 07:58:14 UTC | Doc Text | An origin validation vulnerability was found in OpenShift Enterprise. Specifically an attacker may be able to access API credentials stored in a web browsers localStorage if anonymous access is granted to service/proxy or pod/proxy API for a specific pod and an authorized access_token is provided in the query parameter allowing the attacker to access other accounts. | An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in the query parameter. |
| Kurt Seifried | 2016-05-12 17:13:32 UTC | Blocks | 1335624 | |
| Johnny Liu | 2016-05-19 04:00:11 UTC | CC | wjiang, wsun | |
| Kurt Seifried | 2016-05-19 15:32:11 UTC | Whiteboard | impact=moderate,public=no,reported=20160425,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-346,openshift-enterprise-3/Security=affected | impact=moderate,public=20160519,reported=20160425,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-346,openshift-enterprise-3/Security=affected |
| Kurt Seifried | 2016-05-19 15:32:16 UTC | Summary | EMBARGOED CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain | CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain |
| Kurt Seifried | 2016-05-19 15:32:20 UTC | Group | security, qe_staff | |
| Kurt Seifried | 2016-05-20 00:21:39 UTC | Status | NEW | CLOSED |
| Kurt Seifried | 2016-05-20 00:21:39 UTC | Resolution | --- | ERRATA |
| Kurt Seifried | 2016-05-20 00:21:39 UTC | Last Closed | 2016-05-19 20:21:39 UTC | |
| Martin Prpič | 2017-01-02 08:54:11 UTC | Whiteboard | impact=moderate,public=20160519,reported=20160425,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-346,openshift-enterprise-3/Security=affected | impact=moderate,public=20160519,reported=20160425,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160519,reported=20160425,source=redhat,cvss2=6.0/AV:N/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected |