rhsa-2020:1475
Vulnerability from csaf_redhat
Published
2020-04-14 19:26
Modified
2024-11-22 14:20
Summary
Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release
Notes
Topic
Red Hat CodeReady Workspaces 2.1.0 has been released.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development.
This major release is based on Eclipse Che 7.9 and offers security fixes and a number of enhancements and new features, including:
Security fix:
* JWT proxy bypass allows access to workspace pods of other users (CVE-2020-10689)
Enhancements and new features:
* Improved code samples for default devfiles
* Improved naming of default stacks
* Updated .NET sample (including debugger) to version 3.1
* Enabled offline devfile registry
For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
This update includes updated container images, which are based on an updated Red Hat Enterprise Linux image that contains fixes for the following issues:
CVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1387, CVE-2019-13734, CVE-2019-15030, CVE-2019-15031, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777, CVE-2019-18397, CVE-2019-18408, CVE-2019-18660, CVE-2019-19527, CVE-2020-1712, CVE-2020-10531
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat CodeReady Workspaces 2.1.0 has been released.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development.\n\nThis major release is based on Eclipse Che 7.9 and offers security fixes and a number of enhancements and new features, including:\n\nSecurity fix:\n\n* JWT proxy bypass allows access to workspace pods of other users (CVE-2020-10689)\n\nEnhancements and new features:\n\n* Improved code samples for default devfiles\n* Improved naming of default stacks\n* Updated .NET sample (including debugger) to version 3.1\n* Enabled offline devfile registry\n\nFor more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.\n\nThis update includes updated container images, which are based on an updated Red Hat Enterprise Linux image that contains fixes for the following issues:\n\nCVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1387, CVE-2019-13734, CVE-2019-15030, CVE-2019-15031, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777, CVE-2019-18397, CVE-2019-18408, CVE-2019-18660, CVE-2019-19527, CVE-2020-1712, CVE-2020-10531",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1475",
"url": "https://access.redhat.com/errata/RHSA-2020:1475"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.1/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.1/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1816789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816789"
},
{
"category": "external",
"summary": "CRW-402",
"url": "https://issues.redhat.com/browse/CRW-402"
},
{
"category": "external",
"summary": "CRW-507",
"url": "https://issues.redhat.com/browse/CRW-507"
},
{
"category": "external",
"summary": "CRW-510",
"url": "https://issues.redhat.com/browse/CRW-510"
},
{
"category": "external",
"summary": "CRW-533",
"url": "https://issues.redhat.com/browse/CRW-533"
},
{
"category": "external",
"summary": "CRW-535",
"url": "https://issues.redhat.com/browse/CRW-535"
},
{
"category": "external",
"summary": "CRW-537",
"url": "https://issues.redhat.com/browse/CRW-537"
},
{
"category": "external",
"summary": "CRW-544",
"url": "https://issues.redhat.com/browse/CRW-544"
},
{
"category": "external",
"summary": "CRW-572",
"url": "https://issues.redhat.com/browse/CRW-572"
},
{
"category": "external",
"summary": "CRW-573",
"url": "https://issues.redhat.com/browse/CRW-573"
},
{
"category": "external",
"summary": "CRW-574",
"url": "https://issues.redhat.com/browse/CRW-574"
},
{
"category": "external",
"summary": "CRW-784",
"url": "https://issues.redhat.com/browse/CRW-784"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1475.json"
}
],
"title": "Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release",
"tracking": {
"current_release_date": "2024-11-22T14:20:39+00:00",
"generator": {
"date": "2024-11-22T14:20:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:1475",
"initial_release_date": "2020-04-14T19:26:29+00:00",
"revision_history": [
{
"date": "2020-04-14T19:26:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-14T19:26:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:20:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat CodeReady Workspaces Containers 2.0",
"product": {
"name": "Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:codeready_workspaces:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat CodeReady Workspaces"
},
{
"branches": [
{
"category": "product_version",
"name": "codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64",
"product": {
"name": "codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64",
"product_id": "codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/devfileregistry-rhel8\u0026tag=2.1-72"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64",
"product": {
"name": "codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64",
"product_id": "codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/imagepuller-rhel8\u0026tag=2.1-15"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64",
"product": {
"name": "codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64",
"product_id": "codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/jwtproxy-rhel8\u0026tag=2.1-11"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64",
"product": {
"name": "codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64",
"product_id": "codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/machineexec-rhel8\u0026tag=2.1-9"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64",
"product": {
"name": "codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64",
"product_id": "codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/pluginbroker-artifacts-rhel8\u0026tag=2.1-9"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64",
"product": {
"name": "codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64",
"product_id": "codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/pluginbroker-metadata-rhel8\u0026tag=2.1-9"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64",
"product": {
"name": "codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64",
"product_id": "codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/plugin-java11-rhel8\u0026tag=2.1-10"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64",
"product": {
"name": "codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64",
"product_id": "codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/plugin-kubernetes-rhel8\u0026tag=2.1-7"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64",
"product": {
"name": "codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64",
"product_id": "codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64",
"product_identification_helper": {
"purl": "pkg:oci/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/plugin-openshift-rhel8\u0026tag=2.1-7"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64",
"product": {
"name": "codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64",
"product_id": "codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/pluginregistry-rhel8\u0026tag=2.1-86"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64",
"product": {
"name": "codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64",
"product_id": "codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/crw-2-rhel8-operator\u0026tag=2.1-19"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64",
"product": {
"name": "codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64",
"product_id": "codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64",
"product_identification_helper": {
"purl": "pkg:oci/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/crw-2-rhel8-operator-metadata\u0026tag=2.1-41"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64",
"product": {
"name": "codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64",
"product_id": "codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/server-rhel8\u0026tag=2.1-19"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64",
"product": {
"name": "codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64",
"product_id": "codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64",
"product_identification_helper": {
"purl": "pkg:oci/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/stacks-cpp-rhel8\u0026tag=2.1-6"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64",
"product": {
"name": "codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64",
"product_id": "codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64",
"product_identification_helper": {
"purl": "pkg:oci/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8\u0026tag=2.1-8"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64",
"product": {
"name": "codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64",
"product_id": "codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64",
"product_identification_helper": {
"purl": "pkg:oci/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/stacks-golang-rhel8\u0026tag=2.1-7"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64",
"product": {
"name": "codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64",
"product_id": "codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/stacks-java-rhel8\u0026tag=2.1-7"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64",
"product": {
"name": "codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64",
"product_id": "codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/stacks-node-rhel8\u0026tag=2.1-7"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64",
"product": {
"name": "codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64",
"product_id": "codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/stacks-php-rhel8\u0026tag=2.1-9"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64",
"product": {
"name": "codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64",
"product_id": "codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/stacks-python-rhel8\u0026tag=2.1-5"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64",
"product": {
"name": "codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64",
"product_id": "codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/theia-dev-rhel8\u0026tag=2.1-38"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64",
"product": {
"name": "codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64",
"product_id": "codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/theia-endpoint-rhel8\u0026tag=2.1-32"
}
}
},
{
"category": "product_version",
"name": "codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64",
"product": {
"name": "codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64",
"product_id": "codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64",
"product_identification_helper": {
"purl": "pkg:oci/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120?arch=amd64\u0026repository_url=registry.redhat.io/codeready-workspaces/theia-rhel8\u0026tag=2.1-30"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64"
},
"product_reference": "codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64"
},
"product_reference": "codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64"
},
"product_reference": "codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64"
},
"product_reference": "codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64"
},
"product_reference": "codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64"
},
"product_reference": "codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64"
},
"product_reference": "codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64"
},
"product_reference": "codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64"
},
"product_reference": "codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64"
},
"product_reference": "codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64"
},
"product_reference": "codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64"
},
"product_reference": "codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64"
},
"product_reference": "codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64"
},
"product_reference": "codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64"
},
"product_reference": "codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64"
},
"product_reference": "codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64"
},
"product_reference": "codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64"
},
"product_reference": "codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64"
},
"product_reference": "codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64"
},
"product_reference": "codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64"
},
"product_reference": "codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64"
},
"product_reference": "codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64 as a component of Red Hat CodeReady Workspaces Containers 2.0",
"product_id": "8Base-CRW-2.0:codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64"
},
"product_reference": "codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64",
"relates_to_product_reference": "8Base-CRW-2.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mario Loriedo"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10689",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Che, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64",
"8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64",
"8Base-CRW-2.0:codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64",
"8Base-CRW-2.0:codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64",
"8Base-CRW-2.0:codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64",
"8Base-CRW-2.0:codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64",
"8Base-CRW-2.0:codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10689"
},
{
"category": "external",
"summary": "RHBZ#1816789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10689",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10689"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10689",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10689"
}
],
"release_date": "2020-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-14T19:26:29+00:00",
"details": "To start using CodeReady Workspaces, download and install it using the instructions provided in the Red Hat CodeReady Workspaces Installation Guide linked from the References section.",
"product_ids": [
"8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64",
"8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64",
"8Base-CRW-2.0:codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64",
"8Base-CRW-2.0:codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64",
"8Base-CRW-2.0:codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64",
"8Base-CRW-2.0:codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64",
"8Base-CRW-2.0:codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1475"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator-metadata@sha256:52d30fcac79fc7bd5fd3e03a253215e7023d422ab72e4661229e9ed09cf9ef27_amd64",
"8Base-CRW-2.0:codeready-workspaces/crw-2-rhel8-operator@sha256:45eca3d70335c8b70f5e71d31576d66fba7877d8bd2d5eb96352a1da7b2ef58f_amd64",
"8Base-CRW-2.0:codeready-workspaces/devfileregistry-rhel8@sha256:b811a879f331152bada0fd225ca3330d54f27596040edec5778bd4099bc14371_amd64",
"8Base-CRW-2.0:codeready-workspaces/imagepuller-rhel8@sha256:da74046d9bc142f22624c2d46da07ec22d5cf4d27b19c898390d0aa4bdce1ec0_amd64",
"8Base-CRW-2.0:codeready-workspaces/jwtproxy-rhel8@sha256:b0b31981db52f3203682f18026bcd346cee647d7ad4160e87103f276f8780ff5_amd64",
"8Base-CRW-2.0:codeready-workspaces/machineexec-rhel8@sha256:dac0dae1b8df99a74b42a87ad5d2976b5f1f1d864feea953ce92660b9f33ac39_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-java11-rhel8@sha256:872fa606f0108bbad736bd70d588263437c728ada2ff6790981eff1703fa7a55_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-kubernetes-rhel8@sha256:603780924977c27ccfbbb1715fd3ef3683eaea5ee867f93d25ed4c9a74514eaa_amd64",
"8Base-CRW-2.0:codeready-workspaces/plugin-openshift-rhel8@sha256:38202d1640cf25438ab85e5c7847917daeb0fdca040c2adf4ad8daa018a5f335_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:6e79860a0dd54fadccce26847c0dfb31d74db351e9dfce89df368d655bf27e7a_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginbroker-metadata-rhel8@sha256:27d339688c21a34e5edfe9329bcf9a5bed1230bf322170d410a7fa80ee910593_amd64",
"8Base-CRW-2.0:codeready-workspaces/pluginregistry-rhel8@sha256:e8187d1f68bba7f17898e341cd0b89b10c9363e31ed558b0713d2367e2669618_amd64",
"8Base-CRW-2.0:codeready-workspaces/server-rhel8@sha256:2d87f9ef09138a692c9a09c2b24ddfa3377cc74501a34c142dafd3e08babd650_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-cpp-rhel8@sha256:191d0fcf5983e2901fd3d92d27af760ab3e9924bbad8dbc7d45dd0103de89480_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-dotnet-rhel8@sha256:9a5ef2fec22979ccaab3574c5fc0761262b165bf0c5ac49d078b2069d84d9f08_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-golang-rhel8@sha256:9e8bfc4dda750dbc82a7dac2583cf8b0ee04cc1525b9178aa0b52dae4bc4bc72_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-java-rhel8@sha256:e73cb6bd61cb5578f3317ffe52dd1be0b460d5b8a3f0cee278070203e422c6aa_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-node-rhel8@sha256:d1a9e5d6d9b5fd7de3342db00fa2ed3b883241eca1182044b22c8d05745c298d_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-php-rhel8@sha256:a291af2f21a28654b30e807c9dba2e5934482f8b99f816c197c87850de0eac33_amd64",
"8Base-CRW-2.0:codeready-workspaces/stacks-python-rhel8@sha256:dc545739e4b10098e6b763d621289cac2316a5b9302e52f745ace752636939ef_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-dev-rhel8@sha256:cd2ea2de13f288ff091b29e45c277c6f57fb1256d07089c06a16a0d4844d5ed6_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-endpoint-rhel8@sha256:4a2e07d99330ce24c2c4e722181b3d64aba9905d032f127e9fb7ada1e420eb2b_amd64",
"8Base-CRW-2.0:codeready-workspaces/theia-rhel8@sha256:815f196dff84e44adfefa1545c113c985a425feae969c68c296222a71040c120_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…