x/vulndb: potential Go vuln in github.com/openshift/origin-web-console: CVE-2020-10715

[tatianab]

CVE-2020-10715 references github.com/openshift/origin-web-console, which may be a Go module.

Description:
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-10715
• fix: Update error message handling openshift/origin-web-console#3173
• web: https://bugzilla.redhat.com/show_bug.cgi?id=1767665
• Imported by: https://pkg.go.dev/github.com/openshift/origin-web-console?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/openshift/origin-web-console
      vulnerable_at: 3.11.0+incompatible
      packages:
        - package: openshift/console
cves:
    - CVE-2020-10715
references:
    - fix: https://github.com/openshift/origin-web-console/pull/3173
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1767665

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports