← Back

CVE-2017-7534

nvd nist
Published: Apr 11, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

Affected (9)

Products: Redhat: Openshift
Redhat
1 product
Openshift
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Openshift
Version 3.0
Openshift
Version 3.1
Openshift
Version 3.2
Openshift
Version 3.3
Openshift
Version 3.4
Openshift
Version 3.5
Openshift
Version 3.6
Openshift
Version 3.7
Openshift
Version 3.9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking

Timeline

No history available yet.