CVE-2018-10937

Published: Sep 11, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

Affected (1)

Products: Redhat: Openshift Container Platform

Redhat

1 product

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 3.11

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://www.securityfocus.com/bid/105190

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c

Source: secalert@redhat.com

ExploitThird Party Advisory

https://github.com/openshift/console/pull/461

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/105190

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/openshift/console/pull/461

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.