Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
Eclipse Che 安全漏洞
Vulnerability Description
Eclipse Che是Eclipse基金会的一套基于Java的开源在线集成开发环境(IDE)。 Eclipse Che 7.8.x及之前版本中存在安全漏洞,该漏洞源于程序没有适当地限制对工作区容器组的访问。攻击者可利用该漏洞绕过JWT代理并获得对另一个用户的工作区容器组的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A