Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10937

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

Published

2018-09-11T16:29:00.230

Last Modified

2024-11-21T03:42:20.923

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift_container_platform	3.11	Yes

References

http://www.securityfocus.com/bid/105190 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c Exploit, Third Party Advisory ([email protected])
https://github.com/openshift/console/pull/461 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/105190 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openshift/console/pull/461 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)