CVE-2018-8728 Information

Description

server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in \kontena master login –remote\ code display as demonstrated by /codecode= in a URI.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/kontena/kontena/pull/3223 https://github.com/kontena/kontena/releases/tag/v1.5.0 https://lgtm.com/projects/g/kontena/kontena/rev/06a7a06e65a5ef0dada14faee2ae20388b87c1fe

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1