CVE-2018-10937
4.6
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Openshift Container Platform | 3.11 | affected |
Weaknesses
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
- http://www.securityfocus.com/bid/105190
- https://github.com/openshift/console/pull/461
- https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
- http://www.securityfocus.com/bid/105190
- https://github.com/openshift/console/pull/461
- https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.