PT-2018-8399 · Red Hat · Openshift Enterprise

Published

2018-04-11

Updated

2019-10-09

CVE-2017-7534

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenShift Enterprise versions 3.x

Description The issue is related to a stored XSS flaw in the log viewer for pods, caused by the lack of sanitation of user input, specifically terminal escape characters. This leads to the automatic creation of clickable links when viewing log files for a pod.

Recommendations For OpenShift Enterprise versions 3.x, consider disabling the log viewer for pods until a fix is available, or restrict the creation of clickable links in log files to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-7534

Affected Products

Openshift Enterprise

PT-2018-8399 · Red Hat · Openshift Enterprise

CVE-2017-7534

Weakness Enumeration

Related Identifiers

Affected Products

References · 4