Lucene search
GoogleOSV:CVE-2020-27816HistoryDec 02, 2020 - 1:15 a.m.
CVE-2020-27816
2020-12-0201:15:12
Google
osv.dev
5
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kibana | eq | 4.0.0-beta2 | |
| kibana | eq | 4.0.0-beta1.1 | |
| kibana | eq | 4.0.0BETA1 | |
| kibana | eq | 4.0.0-beta3 | |
| kibana | eq | 4.0.0 | |
| kibana | eq | 4.0.0-beta1 |
Related
cvelist
cvelist
CVE-2020-27816
2020-12-02 00:54:03
cve
cve
CVE-2020-27816
2020-12-02 01:15:12
prion
prion
Design/Logic Flaw
2020-12-02 01:15:00
redhatcve
redhatcve
CVE-2020-27816
2020-12-01 11:29:59
nvd
nvd
CVE-2020-27816
2020-12-02 01:15:12
redhat
redhat