CVE-2018-10937 — Cross-site Scripting in RED HAT Openshift Container Platform

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

CNA4.6

EPSS

0.3%

top 44.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Openshift Container Platform Redhat Openshift Container Platform

Timeline

PublishedSep 11

Latest updateMay 13

Description

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5red_hat/openshift_container_platform3.11

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

GHSA

GHSA-7874-f8pp-9q35: A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3↗2022-05-13

▶

CVEList

CVE-2018-10937: A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3↗2018-09-11

▶

📋Vendor Advisories

Red Hat

tectonic-console: XSS Vulnerability in K8s API proxy↗2018-08-27

▶

💬Community

Bugzilla

CVE-2018-10937 tectonic-console: XSS Vulnerability in K8s API proxy↗2018-08-27

▶