Bug 1902698 (CVE-2020-27816) - CVE-2020-27816 openshift/elasticsearch-operator: arbitrary URL redirection of the cluster logging kibana console
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-27816
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1898572 1902768
Blocks: 1899673
Reported: 2020-11-30 12:56 UTC by Przemyslaw Roguski
Modified: 2021-02-17 21:44 UTC (History)

Fixed In Version: elasticsearch-operator-container 4.7
Doc Type: ---
Doc Text:
The elasticsearch-operator does not validate the namespace in which a Kibana logging resource is created. Because of that, the original openshift-logging console link (the Kibana console) can be replaced by a different one, built from the CR of the newly created Kibana resource. This could lead to arbitrary URL redirection or to the OpenShift cluster logging console link being damaged.
Clone Of:
Environment:
Last Closed: 2021-02-08 14:41:48 UTC


Links
System: Red Hat Product Errata
ID: RHSA-2021:0310
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2021-02-08 13:41:41 UTC

Description Przemyslaw Roguski 2020-11-30 12:56:47 UTC
In OpenShift Container Platform 4.x the Kibana logging console might be manipulated or even completely damaged by any user who creates a Kibana resource in a non-openshift-logging namespace. Due to that, the console link is recreated by the elasticsearch-operator based on the new CR. If the new Kibana resource is removed, the openshift-logging console link does not go back to the original one but is completely lost.

This flaw could lead to an arbitrary URL redirection or to the openshift-logging console link being fully damaged.
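
The sequence described in this report, modelled as a small Go program that is an added illustration and not the elasticsearch-operator's own code: a toy reconciler keeps one shared console link, and the missing namespace check can be switched on or off. The Kibana struct, the `Host` field, the `kibana-public-url` link name and the `sandbox` namespace and hostnames are constructed for the example. With the check off, a Kibana CR from an unrelated namespace rewrites the link and its deletion removes the link entirely; with the check on, only the CR in openshift-logging is honored and the link survives both events.

```go
package main

import "fmt"

// loggingNamespace is the only namespace whose Kibana CR should drive the link.
const loggingNamespace = "openshift-logging"

// Kibana is a constructed stand-in for the Kibana custom resource. Host is the
// hostname the operator publishes in the console link (assumed field name).
type Kibana struct {
	Namespace string
	Name      string
	Host      string
}

// ConsoleLink models the single cluster-wide link the operator maintains.
type ConsoleLink struct {
	Name string
	Href string
}

// Operator is a toy reconciler. RestrictNamespace toggles the check that the
// vulnerable operator lacked.
type Operator struct {
	RestrictNamespace bool
	link              *ConsoleLink
}

// ValidateKibanaNamespace rejects a Kibana CR that lives outside openshift-logging.
func ValidateKibanaNamespace(k Kibana) error {
	if k.Namespace != loggingNamespace {
		return fmt.Errorf("kibana %s/%s ignored: expected namespace %q",
			k.Namespace, k.Name, loggingNamespace)
	}
	return nil
}

// OnKibanaCreated mirrors the reconcile path for a created or updated Kibana CR:
// the console link is rebuilt from whichever CR triggered the event.
func (o *Operator) OnKibanaCreated(k Kibana) error {
	if o.RestrictNamespace {
		if err := ValidateKibanaNamespace(k); err != nil {
			return err
		}
	}
	// "kibana-public-url" is an assumed link name for this example.
	o.link = &ConsoleLink{Name: "kibana-public-url", Href: "https://" + k.Host}
	return nil
}

// OnKibanaDeleted mirrors the cleanup path: without the namespace check, the
// deletion of any Kibana CR removes the one shared console link.
func (o *Operator) OnKibanaDeleted(k Kibana) error {
	if o.RestrictNamespace {
		if err := ValidateKibanaNamespace(k); err != nil {
			return err
		}
	}
	o.link = nil
	return nil
}

// LinkHref returns the current console-link target, or "" when the link is gone.
func (o *Operator) LinkHref() string {
	if o.link == nil {
		return ""
	}
	return o.link.Href
}

// RunScenario replays the report's sequence against an operator with or without
// the namespace check and returns the link target after the foreign CR is
// created and after it is deleted.
func RunScenario(restrict bool) (afterCreate, afterDelete string) {
	op := &Operator{RestrictNamespace: restrict}
	// Constructed sample resources: the legitimate CR and one from another namespace.
	original := Kibana{Namespace: loggingNamespace, Name: "kibana",
		Host: "kibana-openshift-logging.apps.example.test"}
	foreign := Kibana{Namespace: "sandbox", Name: "kibana",
		Host: "kibana-sandbox.apps.example.test"}

	_ = op.OnKibanaCreated(original)
	_ = op.OnKibanaCreated(foreign) // returns an error only when restricted
	afterCreate = op.LinkHref()
	_ = op.OnKibanaDeleted(foreign)
	afterDelete = op.LinkHref()
	return afterCreate, afterDelete
}

func main() {
	for _, restrict := range []bool{false, true} {
		c, d := RunScenario(restrict)
		fmt.Printf("namespace check=%v: after create=%q, after delete=%q\n", restrict, c, d)
	}
}
```

The same guard can be applied at the watch level rather than inside the handlers, so that events for Kibana objects outside openshift-logging never reach the reconciler at all; the effect on the shared link is the same as in the restricted run above.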

Comment 4 Przemyslaw Roguski 2020-12-01 11:08:21 UTC
Acknowledgments:

Name: Aivaras Laimikis

Comment 5 errata-xmlrpc 2021-02-08 13:41:39 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2021:0310 https://access.redhat.com/errata/RHSA-2021:0310

Comment 6 Product Security DevOps Team 2021-02-08 14:41:48 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-27816

