Auto-merge PR#3513

2025-08-04 08:44:25 +00:00 · 2020-04-03 10:30:16 -04:00 · 2020-04-03 10:30:16 -04:00 · 0e4e40a18f
commit 0e4e40a18f
parent e19b5a2fa9 7a64752ebf
1 changed files with 61 additions and 3 deletions
--- a/2020/10xxx/CVE-2020-10689.json
+++ b/2020/10xxx/CVE-2020-10689.json
@ -4,15 +4,73 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2020-10689",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "gsuckevi@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Red Hat",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Eclipse Che",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "7.8.x"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-862"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://github.com/eclipse/che/issues/15651",
+                "name": "https://github.com/eclipse/che/issues/15651",
+                "refsource": "MISC"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "6.4/CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
 }