A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.
References
Configurations
No configuration.
History
No history.
Information
Published : 2024-02-16 16:15
Updated : 2024-02-16 19:26
NVD link : CVE-2024-1342
Mitre link : CVE-2024-1342
CVE.ORG link : CVE-2024-1342
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)