PT-2018-10195 · Red Hat+1 · Tetonic-Console+2

Jason Shepherd · Published 2018-09-11 · Updated 2019-10-09 · CVE-2018-10937

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Openshift Container Platform version 3.11

Description: A cross-site scripting flaw exists in the tetonic-console component. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

Recommendations: For Openshift Container Platform version 3.11, consider restricting access to the tetonic-console component until a fix is available. As a temporary workaround, limit the ability to create pods to trusted users to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-10937

Affected Products

K8S Api
Openshift Container Platform
Tetonic-Console