An XSS flaw exists in the tectonic-console component of OpenShift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
Acknowledgments: Name: Sam Padgett (Red Hat)
References: https://github.com/openshift/console/pull/461
Upstream fix: https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
This vulnerability was fixed prior to the release of OpenShift 3.11, so the initial release of that version was not affected.