CVE-2017-7534
MEDIUMOpenShift Enterprise 3.x - Stored Cross-Site Scripting via Pod Log Viewer
Title source: llmDescription
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103754
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1443003
Scores
CVSS v3
5.4
EPSS
0.0056
EPSS Percentile
42.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (9)
redhat/openshift
3.0
redhat/openshift
3.1
redhat/openshift
3.2
redhat/openshift
3.3
redhat/openshift
3.4
redhat/openshift
3.5
redhat/openshift
3.6
redhat/openshift
3.7
redhat/openshift
3.9
Published
Apr 11, 2018
Tracked Since
Feb 18, 2026