Back to bug 1813788
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jason Shepherd | 2020-03-16 05:22:12 UTC | Depends On | 1801831 | |
| Jason Shepherd | 2020-03-16 05:46:06 UTC | CC | aos-bugs, bpeterse | |
| Jason Shepherd | 2020-03-17 05:55:31 UTC | Summary | atomic-openshift-web-console: access token stored in browser local storage | CVE-2020-1761 atomic-openshift-web-console: access token stored in browser local storage |
| | | Alias | CVE-2020-1761 | |
| | | Summary | CVE-2020-1761 atomic-openshift-web-console: access token stored in browser local storage | CVE-2020-1761 openshift/console: access token stored in browser local storage |
| Jason Shepherd | 2020-03-17 05:56:29 UTC | Fixed In Version | openshift/console-4 | |
| | | Doc Type | --- | If docs needed, set a value |
| RaTasha Tillery-Smith | 2020-03-18 12:18:20 UTC | CC | rtillery | |
| | | Flags | needinfo?(jshepherd) | |
| Eric Christensen | 2020-03-18 18:21:13 UTC | Doc Text | It was found that access token is stored in the browser’s local storage. Attackers can get the access token with physical access, or via an XSS attack on the victim's browser. | A cross-site scripting (XSS) flaw was found in openshift console. The access token stored in the browser's local storage can be accessed by an attacker with physical access to the browser. With this access token, the attacker can read the JavaScript possibly leveraging this for XSS. |
| Jason Shepherd | 2020-03-23 00:46:27 UTC | Doc Text | A cross-site scripting (XSS) flaw was found in openshift console. The access token stored in the browser's local storage can be accessed by an attacker with physical access to the browser. With this access token, the attacker can read the JavaScript possibly leveraging this for XSS. | A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. |
| | | Flags | needinfo?(jshepherd) | |
| PnT Account Manager | 2020-09-10 20:42:52 UTC | CC | bpeterse | |
| Red Hat Bugzilla | 2022-01-08 05:27:24 UTC | CC | jokerman | |
| Red Hat Bugzilla | 2022-05-09 08:29:55 UTC | CC | aos-bugs | |
| Red Hat Bugzilla | 2023-07-07 08:28:12 UTC | Assignee | security-response-team | nobody |