Lucene search
K

63 matches found

CNVD
CNVD
added 2020/12/16 12:0 a.m.8 views

Eclipse Che Cross-Site Request Forgery Vulnerability (CNVD-2021-14164)

Eclipse Che is the Eclipse Foundation's set of Java-based open source online integrated development environment IDE. A cross-site request forgery vulnerability exists in Eclipse Che versions prior to 7.14.0. No detailed vulnerability details are provided at this time...

7.1CVSS6.6AI score0.00507EPSS
Exploits1References1
NVD
NVD
added 2020/12/14 9:15 p.m.26 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

7.1CVSS7AI score0.00507EPSS
Exploits1References1
OSV
OSV
added 2020/12/14 9:15 p.m.16 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

7.1CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2020/12/14 9:15 p.m.17 views

Cross site request forgery (csrf)

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

4.6CVSS7AI score0.00507EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/14 8:5 p.m.40 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

7.1AI score0.00507EPSS
Exploits1References1
CVE
CVE
added 2020/12/14 8:5 p.m.62 views

CVE-2020-14368

CVE-2020-14368 affects Eclipse Che (versions prior to 7.14.0) when cookie-based authentication is configured, enabling CSRF due to Theia IDE not setting SameSite correctly and enabling a cross-site WebSocket hijack on the /services endpoint. Attack scenario involves MITM and tricking the user int...

7.1CVSS7AI score0.00507EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2020/12/14 12:0 a.m.9 views

Eclipse Che 跨站请求伪造漏洞

Eclipse Che is the Eclipse Foundation's set of Java-based open source online integrated development environment IDE. A cross-site request forgery vulnerability exists in Eclipse Che versions prior to 7.14.0. No detailed vulnerability details are provided at this time...

7.1CVSS7AI score0.00507EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2020/04/14 7:26 p.m.92 views

Moderate: Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release

Red Hat CodeReady Workspaces 2.1.0 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...

9.3CVSS6.7AI score0.34007EPSS
Exploits3References14
CNVD
CNVD
added 2020/04/07 12:0 a.m.4 views

Eclipse Che Unauthorized Access Vulnerability

Eclipse Che is the Eclipse Foundation's set of Java-based open source online integrated development environment IDE. A security vulnerability exists in Eclipse Che 7.8.x and earlier versions that stems from the program not properly restricting access to workspace container groups. An attacker cou...

6.8CVSS6.9AI score0.00752EPSS
Exploits1
GithubExploit
GithubExploit
added 2020/04/06 5:30 p.m.95 views

Exploit for Cross-Site Request Forgery (CSRF) in Eclipse Che

CSWSH-THEIA-CVE-2020-14368 - Report target: Eclipse CHE deplo...

7.1CVSS6.9AI score0.00507EPSS
Exploits1
NVD
NVD
added 2020/04/03 3:15 p.m.24 views

CVE-2020-10689

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service na...

6.8CVSS6.4AI score0.00752EPSS
Exploits1References2
OSV
OSV
added 2020/04/03 3:15 p.m.25 views

CVE-2020-10689

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service na...

6.8CVSS6.7AI score0.00752EPSS
Exploits1References2
Prion
Prion
added 2020/04/03 3:15 p.m.14 views

Design/Logic Flaw

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service na...

4.9CVSS6.9AI score0.00752EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/04/03 2:29 p.m.107 views

CVE-2020-10689

Eclipse Che (up to 7.8.x) contains a access control flaw where an authenticated user can bypass the JWT proxy to access another user’s workspace pods. Exploitation requires knowledge of the target pod’s service name and namespace, and the impact affects workspace pod access with partial confident...

6.8CVSS6.5AI score0.00752EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/03 2:29 p.m.27 views

CVE-2020-10689

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service na...

6.4CVSS6.6AI score0.00752EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/03/25 9:31 a.m.27 views

CVE-2020-10689

A flaw was found in the Eclipse Che, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of...

6.8CVSS2.7AI score0.00752EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2020/03/15 12:0 a.m.23 views

Eclipse Che Cross Site Request Forgery (CVE-2019-17633)

A cross site request forgery vulnerability exists in Eclipse Che. Successful exploitation of this vulnerability could result in the execution of arbitrary code on the affected system...

6.8CVSS2.9AI score0.00811EPSS
Exploits1
CNVD
CNVD
added 2019/12/21 12:0 a.m.3 views

Eclipse Che Cross-Site Request Forgery Vulnerability

Eclipse Che is the Eclipse Foundation's set of Java-based open source online integrated development environment IDE. A cross-site request forgery vulnerability exists in Eclipse Che versions 6.16 through 7.3.0. The vulnerability stems from a WEB application that does not adequately validate that ...

8.8CVSS6.8AI score0.00811EPSS
Exploits1References1
NVD
NVD
added 2019/12/19 5:15 p.m.24 views

CVE-2019-17633

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...

8.8CVSS8.6AI score0.00811EPSS
Exploits1References1
OSV
OSV
added 2019/12/19 5:15 p.m.12 views

CVE-2019-17633

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...

8.8CVSS6.8AI score
Exploits0References1
Rows per page
Query Builder