CVE-2020-14368

EPSS 0.09% · P26 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-14368

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Theia IDE. This flaw allows an attacker to gain full access to the victim's workspace through the /services endpoint. To perform a successful attack, the attacker conducts a Man-in-the-middle attack (MITM) and tricks the victim into executing a request via an untrusted link, which performs the CSRF and the Socket hijack. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨站请求伪造(CSRF)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Eclipse Che 跨站请求伪造漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Eclipse Che是Eclipse基金会的一套基于Java的开源在线集成开发环境（IDE）。 Eclipse Che 中存在跨站请求伪造漏洞。该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	eclipse	che-theia 7.14.0	-

II. Public POCs for CVE-2020-14368

#	POC Description	Source Link	Shenlong Link
1	Interactive RCE exploit demo for Eclipse CHE	https://github.com/codingchili/CVE-2020-14368	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-14368

请登录查看更多情报信息。

Same Patch Batch · n/a · 2020-12-14 · 56 CVEs total

CVE-2020-0444		Google Android Pixel 安全漏洞
CVE-2020-35457		GNOME Glib 输入验证错误漏洞
CVE-2020-0457		Google Android 缓冲区错误漏洞
CVE-2020-0016		Google Android Pixel 信任管理问题漏洞
CVE-2020-0456		Google Android 缓冲区错误漏洞
CVE-2020-0455		Google Android Pixel 缓冲区错误漏洞
CVE-2020-0019		Google Android Pixel 信任管理问题漏洞
CVE-2020-0458		Google Android Pixel 输入验证错误漏洞
CVE-2020-0459		Google Android 安全漏洞
CVE-2020-0468		Google Android Pixel 安全漏洞
CVE-2020-0440		Google Android 安全漏洞
CVE-2020-0464		Google Android 安全漏洞
CVE-2020-0466		Google Android资源管理错误漏洞
CVE-2020-0099		Google Android 安全漏洞
CVE-2020-20189		Ornose15 Newpk SQL注入漏洞
CVE-2020-20184		Liftoff GateOne 输入验证错误漏洞
CVE-2020-29304		WordPress 跨站脚本漏洞
CVE-2020-29303		WordPress SabaiApps DirectoriesPro plugin 跨站脚本漏洞
CVE-2020-20183		Zyxel P1302-T10 代码问题漏洞
CVE-2020-8177		Haxx curl 注入漏洞

Showing top 20 of 56 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: eclipse

CVE-2017-8315
Eclipse IDE Eclipse XML解析器安全漏洞

Same vendor: n/a

Same weakness: CWE-352

V. Comments for CVE-2020-14368

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-14368

I. Basic Information for CVE-2020-14368

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-14368

III. Intelligence Information for CVE-2020-14368

Same Patch Batch · n/a · 2020-12-14 · 56 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-14368

Leave a comment