CVE-2020-10689

CVSS 6.4 MEDIUM · EPSS 0.8% · CWE-862
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4 · EPSS 0.8% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
03 Apr 2020: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass the JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Red Hat · Eclipse Che