CVE-2017-7534 — Cross-site Scripting in HAT INC Openshift

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 61.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT INC Openshift Redhat Openshift

Timeline

PublishedApr 11

Latest updateMay 13

Description

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDredhat/openshift9 versions+8

▶CVEListV5red_hat_inc/openshift3.x

🔴Vulnerability Details

GHSA

GHSA-7wp7-h784-jvqx: OpenShift Enterprise version 3↗2022-05-13

▶

CVEList

CVE-2017-7534: OpenShift Enterprise version 3↗2018-04-11

▶

📋Vendor Advisories

Red Hat

openshift: XSS in log viewer for a pod↗2018-04-10

▶

💬Community

Bugzilla

CVE-2017-7534 openshift: XSS in log viewer for a pod↗2017-04-18

▶