CVE-2020-27816

Published: Dec 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The elasticsearch-operator does not validate the namespace where the Kibana logging resource is created. As a result, it is possible to replace the original openshift-logging console link (Kibana console) with a different one, created based on the new CR for the new Kibana resource. This could lead to an arbitrary URL redirection or damage to the openshift-logging console link. This flaw affects elasticsearch-operator-container versions before 4.7.

Vendor: n/a
Product: openshift-logging/console
Versions (affected): Versions before elasticsearch-operator-container 4.7

Weaknesses (CWE)
