Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27816

EPSS 0.17% · P37
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-27816

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat OpenShift Elasticsearch-operator 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat OpenShift Elasticsearch-operator是美国Red Hat公司的一个用于OpenShift中支持与Elasticsearch进行交互的软件。 elasticsearch-operator-container 4.7之前版本存在安全漏洞,该漏洞源于不验证创建kibana日志记录资源的名称空间,因此可以将原来的openshift日志记录控制台链接(kibana控制台)替换为另一个基于新CR为新kibana资源创建的链接。这可能导致任意URL重定向或openshift-
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-openshift-logging/console Versions before elasticsearch-operator-container 4.7 -

II. Public POCs for CVE-2020-27816

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-27816

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-12-02 · 39 CVEs total

CVE-2020-14260HCL Domino 输入验证错误漏洞
CVE-2020-13956Apache HttpClient 安全漏洞
CVE-2020-25638Red Hat Hibernate ORM SQL注入漏洞
CVE-2020-28273Ahdinosaur Set-in 安全漏洞
CVE-2020-28272keyget 安全漏洞
CVE-2020-14369Red Hat CloudForms 跨站请求伪造漏洞
CVE-2020-29458Textpattern Cms 跨站请求伪造漏洞
CVE-2020-29456Papermerge 跨站脚本漏洞
CVE-2020-29454Umbraco 安全漏洞
CVE-2020-6018Valvesoftware GameNetworkingSockets 缓冲区错误漏洞
CVE-2020-29239Online Birth Certificate System 跨站脚本漏洞
CVE-2020-4102HCL Notes 安全漏洞
CVE-2020-25723QEMU 代码问题漏洞
CVE-2020-14305Linux kernel 缓冲区错误漏洞
CVE-2020-7199HPE Edgeline Infrastructure Management 授权问题漏洞
CVE-2020-14383Samba 安全漏洞
CVE-2020-25656Linux kernel资源管理错误漏洞
CVE-2020-25704Linux kernel 资源管理错误漏洞
CVE-2020-27813Gorilla Websocket 资源管理错误漏洞
CVE-2020-13496Pixar OpenUSD 缓冲区错误漏洞

Showing top 20 of 39 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-601

V. Comments for CVE-2020-27816

No comments yet

Leave a comment