Description
A cross-site scripting flaw exists in the tectonic-console component of OpenShift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.3 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.4 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.5 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.6 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.7 | tectonic-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.9 | tectonic-console | Not affected | ||
| Red Hat OpenShift Enterprise 3.0 | tectonic-console | Not affected | ||
Additional information
Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1622372 tectonic-console: XSS Vulnerability in K8s API proxy
EPSS
Percentile: 55%
0.00329
Low
4.6 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.6
nvd
more than 7 years ago
A cross site scripting flaw exists in the tectonic-console component of OpenShift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
CVSS3: 5.4
github
more than 3 years ago
A cross site scripting flaw exists in the tectonic-console component of OpenShift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.