{
  "threat_severity" : "Important",
  "public_date" : "2019-10-29T00:00:00Z",
  "bugzilla" : {
    "description" : "syndesis: default CORS configuration is allow all",
    "id" : "1761912",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1761912"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-942",
  "details" : [ "It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and gain further unauthorized access to information.", "It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and gain further unauthorized access to information." ],
  "acknowledgement" : "This issue was discovered by Jeremy Choi (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Fuse 7.4.1",
    "release_date" : "2019-10-29T00:00:00Z",
    "advisory" : "RHSA-2019:3244",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7",
    "package" : "syndesis-server"
  }, {
    "product_name" : "Red Hat Fuse 7.5.0",
    "release_date" : "2019-11-14T00:00:00Z",
    "advisory" : "RHSA-2019:3892",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7",
    "package" : "syndesis-server"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14860\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14860" ],
  "name" : "CVE-2019-14860",
  "csaw" : false
}