Vulnerability Details CVE-2018-10937
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 4.6
CVSS v2 Score 3.5
References
- http://www.securityfocus.com/bid/105190
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
- https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
- https://github.com/openshift/console/pull/461
- http://www.securityfocus.com/bid/105190
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
- https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
- https://github.com/openshift/console/pull/461
Products affected by CVE-2018-10937
-
cpe:2.3:a:redhat:openshift_container_platform:3.11