{"containers": {"cna": {"affected": [{"product": "Eclipse Che", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "7.8.x"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-03T14:29:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/eclipse/che/issues/15651"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10689", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Che", "version": {"version_data": [{"version_value": "7.8.x"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod."}]}, "impact": {"cvss": [[{"vectorString": "6.4/CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689"}, {"name": "https://github.com/eclipse/che/issues/15651", "refsource": "MISC", "url": "https://github.com/eclipse/che/issues/15651"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:06:11.157Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/eclipse/che/issues/15651"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10689", "datePublished": "2020-04-03T14:29:59", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:06:11.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:che:*:*:*:*:*:*:*:*", "matchCriteriaId": "20B587B9-3F69-42CA-810C-CAFAB7CE29E3", "versionEndExcluding": "7.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en el Eclipse Che versiones hasta 7.8.x, donde no se restringe apropiadamente el acceso a unos pods del espacio de trabajo. Un usuario autenticado puede explotar este fallo para omitir un proxy JWT y conseguir acceso a los pods del espacio de trabajo de otro usuario. Una explotaci\u00f3n con \u00e9xito requiere el conocimiento del nombre del servicio y el espacio de nombres del pod objetivo."}], "id": "CVE-2020-10689", "lastModified": "2023-11-07T03:14:12.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-04-03T15:15:14.420", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/eclipse/che/issues/15651"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Mario Loriedo (Red Hat).", "affected_release": [{"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/crw-2-rhel8-operator:2.1-19", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/crw-2-rhel8-operator-metadata:2.1-41", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/devfileregistry-rhel8:2.1-72", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/imagepuller-rhel8:2.1-15", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/jwtproxy-rhel8:2.1-11", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/machineexec-rhel8:2.1-9", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/pluginbroker-artifacts-rhel8:2.1-9", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/pluginbroker-metadata-rhel8:2.1-9", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/plugin-java11-rhel8:2.1-10", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/plugin-kubernetes-rhel8:2.1-7", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/plugin-openshift-rhel8:2.1-7", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/pluginregistry-rhel8:2.1-86", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/server-rhel8:2.1-19", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/stacks-cpp-rhel8:2.1-6", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/stacks-dotnet-rhel8:2.1-8", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/stacks-golang-rhel8:2.1-7", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/stacks-java-rhel8:2.1-7", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/stacks-node-rhel8:2.1-7", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/stacks-php-rhel8:2.1-9", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/stacks-python-rhel8:2.1-5", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/theia-dev-rhel8:2.1-38", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/theia-endpoint-rhel8:2.1-32", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1475", "cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8", "package": "codeready-workspaces/theia-rhel8:2.1-30", "product_name": "Red Hat CodeReady Workspaces 2.0", "release_date": "2020-04-14T00:00:00Z"}], "bugzilla": {"description": "che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods", "id": "1816789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816789"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-862", "details": ["A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.", "A flaw was found in the Eclipse Che, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod."], "name": "CVE-2020-10689", "package_state": [{"cpe": "cpe:/a:redhat:codeready_workspaces:1.", "fix_state": "Out of support scope", "package_name": "che", "product_name": "Red Hat CodeReady Workspaces 1"}], "public_date": "2020-03-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10689\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10689"], "threat_severity": "Moderate", "upstream_fix": "Eclipse Che 7.9.0"}