CVE-2018-10937 Information

Description

A cross-site scripting flaw exists in the tectonic-console component of OpenShift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/105190
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
https://github.com/openshift/console/pull/461

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
