CVE-2020-10706

MEDIUM Year: 2020
CVSS v3 Score
6.6
Medium
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-312
View all →

Vulnerability Description

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.

Related Vulnerabilities

CVE-2024-23584

MEDIUM
CVSS:6.6(Medium)

The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry.

CWE-3122024

CVE-2024-28810

MEDIUM
CVSS:6.6(Medium)

An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing...

CWE-3122024

CVE-2024-41629

MEDIUM
CVSS:6.6(Medium)

An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials

CWE-3122024

CVE-2016-3192

MEDIUM
CVSS:6.5(Medium)

Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.

CWE-3122016

CVE-2017-14990

MEDIUM
CVSS:6.5(Medium)

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack un...

CWE-3122017

CVE-2018-11242

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as dem...

CWE-3122018