Bug 1622372 (CVE-2018-10937) - CVE-2018-10937 tectonic-console: XSS Vulnerability in K8s API proxy
Summary: CVE-2018-10937 tectonic-console: XSS Vulnerability in K8s API proxy
Status: CLOSED NOTABUG
Alias: CVE-2018-10937
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20180827,repor...
Keywords: Security
Depends On: 1622373
Blocks: 1619496
Reported: 2018-08-27 00:30 UTC by Jason Shepherd
Modified: 2019-06-08 23:33 UTC
Last Closed: 2019-03-28 15:08:56 UTC



Description Jason Shepherd 2018-08-27 00:30:05 UTC
An XSS flaw exists in the tectonic-console component of OpenShift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

Comment 3 Jason Shepherd 2018-08-27 00:51:19 UTC
Acknowledgments:

Name: Sam Padgett (Red Hat)

Comment 8 Jason Shepherd 2019-03-28 01:14:38 UTC
This vulnerability was fixed prior to the release of OpenShift 3.11, so the initial release of that version was not affected.

