CVE-2020-10689 is a vulnerability in Eclipse Che
Published on April 3, 2020

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2020-10689 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2020-10689

Want to know whenever a new CVE is published for Eclipse Che? stack.watch will email you.

Eclipse Che

Affected Versions

Red Hat Eclipse Che Version 7.8.x is affected by CVE-2020-10689

Exploit Probability

EPSS

0.08%

Percentile

23.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-10689 is a vulnerability in Eclipse ChePublished on April 3, 2020

Vulnerability Analysis

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2020-10689

Affected Versions

Exploit Probability

CVE-2020-10689 is a vulnerability in Eclipse Che
Published on April 3, 2020