CVE-2020-15391
npm/devspace
Improper Authentication
The UI in DevSpace allows web-sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution.
All versions before 4.14.0
Upgrade to version 4.14.0 or above.
2020-07-29
source |