vulnerability

Red Hat OpenShift: CVE-2019-3876: web-console: XSS in OAuth server /oauth/token/request endpoint

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Apr 1, 2019	Jul 30, 2019	Apr 14, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 1, 2019

Added

Jul 30, 2019

Modified

Apr 14, 2025

Description

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.

Solution(s)

linuxrpm-upgrade-atomic-openshiftlinuxrpm-upgrade-jenkins-2-plugins

References

CVE-2019-3876
https://attackerkb.com/topics/CVE-2019-3876
REDHAT-RHSA-2019:1851

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today