Vulnerability Description
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | 3.11 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105190Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937Issue TrackingThird Party Advisory
- https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66dExploitThird Party Advisory
- https://github.com/openshift/console/pull/461Third Party Advisory
- http://www.securityfocus.com/bid/105190Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937Issue TrackingThird Party Advisory
- https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66dExploitThird Party Advisory
- https://github.com/openshift/console/pull/461Third Party Advisory
FAQ
What is CVE-2018-10937?
CVE-2018-10937 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s AP...
How severe is CVE-2018-10937?
CVE-2018-10937 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10937?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform.