{"api_version":"1","generated_at":"2026-04-22T21:27:00+00:00","cve":"CVE-2020-10689","urls":{"html":"https://cve.report/CVE-2020-10689","api":"https://cve.report/api/cve/CVE-2020-10689.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-10689","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-10689"},"summary":{"title":"CVE-2020-10689","description":"A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-04-03 15:15:00","updated_at":"2023-11-07 03:14:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://github.com/eclipse/che/issues/15651","name":"https://github.com/eclipse/che/issues/15651","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"Improve isolation of Che theia and che-machine-exec components · Issue #15651 · eclipse/che · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1816789 – (CVE-2020-10689) CVE-2020-10689 che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-10689","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10689","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"10689","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eclipse","cpe5":"che","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10689","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eclipse","cpe5":"che","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-10689","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Eclipse Che","version":{"version_data":[{"version_value":"7.8.x"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10689","refsource":"CONFIRM"},{"url":"https://github.com/eclipse/che/issues/15651","name":"https://github.com/eclipse/che/issues/15651","refsource":"MISC"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod."}]},"impact":{"cvss":[[{"vectorString":"6.4/CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-04-03 15:15:00","lastModifiedDate":"2023-11-07 03:14:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:M/Au:S/C:P/I:P/A:P","accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.9},"severity":"MEDIUM","exploitabilityScore":4.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eclipse:che:*:*:*:*:*:*:*:*","versionEndExcluding":"7.9.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"10689","Ordinal":"171129","Title":"CVE-2020-10689","CVE":"CVE-2020-10689","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"10689","Ordinal":"1","NoteData":"A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"10689","Ordinal":"2","NoteData":"2020-04-03","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"10689","Ordinal":"3","NoteData":"2020-04-03","Type":"Other","Title":"Modified"}]}}}