CVE-2018-10937
MEDIUMOpenShift Container Platform 3.11 - Cross-Site Scripting in Tectonic Console
Title source: llmDescription
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
References (4)
Core 4
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105190
Third Party Advisory x_refsource_confirm
https://github.com/openshift/console/pull/461
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
Scores
CVSS v3
4.6
EPSS
0.0108
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-79
Status
published
Products (1)
redhat/openshift_container_platform
3.11
Published
Sep 11, 2018
Tracked Since
Feb 18, 2026