PT-2018-10195 · Red Hat+1 · Tetonic-Console+2

Jason Shepherd · Published 2018-09-11 · Updated 2019-10-09

·

CVE-2018-10937

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Openshift Container Platform version 3.11

Description

A cross-site scripting flaw exists in the tetonic-console component. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

Recommendations

For Openshift Container Platform version 3.11, consider restricting access to the tetonic-console component until a fix is available. As a temporary workaround, limit the ability to create pods to trusted users to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-10937

Affected Products

K8S Api
Openshift Container Platform
Tetonic-Console