A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689 | Issue Tracking Patch Third Party Advisory |
https://github.com/eclipse/che/issues/15651 | Exploit Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689 | Issue Tracking Patch Third Party Advisory |
https://github.com/eclipse/che/issues/15651 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 04:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 6.4 |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/eclipse/che/issues/15651 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2020-04-03 15:15
Updated : 2024-11-21 04:55
NVD link : CVE-2020-10689
Mitre link : CVE-2020-10689
CVE.ORG link : CVE-2020-10689
JSON object : View
Products Affected
eclipse
- che
CWE