CVE-2020-27816
N/A
N/A
Summary
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | openshift-logging/console | Versions before elasticsearch-operator-container 4.7 | affected |
Weaknesses
- CWE-601: CWE-601
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.