First published: Fri Apr 03 2020
A flaw was found in Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass the JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Eclipse Che | <7.9.0 | Update to version 7.9.0 or newer |
CVE-2020-10689 is a vulnerability in Eclipse Che up to version 7.8.x that allows an authenticated user to bypass the JWT proxy and gain access to the workspace pods of another user.
An attacker can exploit CVE-2020-10689 by leveraging improper access restrictions in Eclipse Che to gain unauthorized access to workspace pods of another user.
CVE-2020-10689 has a severity rating of medium with a score of 6.8.
To fix CVE-2020-10689, users should update their Eclipse Che software to version 7.9.0 or newer, which includes the necessary security patches.
You can find more information about CVE-2020-10689 on the Red Hat Bugzilla page (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689) and the Eclipse Che GitHub issue (https://github.com/eclipse/che/issues/15651).