CVE-2017-7534

Опубликовано: 11 апр. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

Ссылки

http://www.securityfocus.com/bid/103754
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1443003
Issue Tracking
http://www.securityfocus.com/bid/103754
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1443003
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 38%

0.00168

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-7534

CVSS3: 4.6

redhat

почти 8 лет назад

GHSA-7wp7-h784-jvqx