CVE-2017-7534

MEDIUM

OpenShift Enterprise 3.x - Stored Cross-Site Scripting via Pod Log Viewer

Title source: llm
STIX 2.1

Description

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103754
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1443003

Scores

CVSS v3 5.4
EPSS 0.0056
EPSS Percentile 42.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (9)
redhat/openshift 3.0
redhat/openshift 3.1
redhat/openshift 3.2
redhat/openshift 3.3
redhat/openshift 3.4
redhat/openshift 3.5
redhat/openshift 3.6
redhat/openshift 3.7
redhat/openshift 3.9
Published Apr 11, 2018
Tracked Since Feb 18, 2026