{"id":"CVE-2019-10176","details":"A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack.","modified":"2026-03-15T22:27:49.454476Z","published":"2019-08-02T15:15:11.803Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4053"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2792"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10176"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10176.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.11"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}