Add CVE-2020-1761 to github.com/openshift/builder/pkg/build/builder [adbcurate]

77f81ba3 · 🤖 GitLab Bot 🤖 · Isaac Dawson · 8594014a · 77f81ba3
Commit 77f81ba3 authored 3 years ago by 🤖 GitLab Bot 🤖 Committed by Isaac Dawson 3 years ago
--- a/go/github.com/openshift/builder/pkg/build/builder/CVE-2020-1761.yml
+++ b/go/github.com/openshift/builder/pkg/build/builder/CVE-2020-1761.yml
+---
+identifier: "CVE-2020-1761"
+package_slug: "go/github.com/openshift/builder/pkg/build/builder"
+title: "Improperly Implemented Security Check for Standard"
+description: "A flaw was found in the OpenShift web console, where the access token
+  is stored in the browser's local storage. An attacker can use this flaw to get the
+  access token via physical access, or an XSS attack on the victim's browser."
+date: "2021-06-08"
+pubdate: "2021-05-27"
+affected_range: "<v4.0"
+fixed_versions:
+- "v4.0.0"
+affected_versions: "All versions before 4.0"
+not_impacted: "All versions starting from 4.0"
+solution: "Upgrade to version 4.0 or above."
+urls:
+- "https://nvd.nist.gov/vuln/detail/CVE-2020-1761"
+- "https://bugzilla.redhat.com/show_bug.cgi?id=1813788"
+cvss_v2: "AV:N/AC:M/Au:N/C:N/I:P/A:N"
+cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+uuid: "dee77e9b-37a1-478d-a255-88279fe15797"
+versions:
+- number: "v4.0"
+  commit:
+    tags:
+    - "v4.0.0"
+    sha: "1a77d837d8d74d5dcb6f8afcadb082629b04883e"
+    timestamp: "20190216205107"