2 matches found
web-console: XSS in OAuth server /oauth/token/request endpoint
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...
PT-2019-16750 · Red Hat · OpenShift OAuth Server
Name of the Vulnerable Software and Affected Versions: OpenShift OAuth server (affected versions not specified)
Description: A flaw was found in the "/oauth/token/request" custom endpoint of the OpenShift OAuth server, allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSR...