Description
Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow
A cross-site scripting (XSS) vulnerability was found in kubeflow's presentation of pipeline cards. This issue may allow an attacker to trick a user into visiting a specially crafted link that could inject malicious HTML into the victim's browser. The highest threat from this vulnerability is to data confidentiality and integrity.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-kf-notebook-controller-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-api-server-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-artifact-manager-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-cache-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-persistenceagent-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-scheduledworkflow-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-viewercontroller-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-notebook-controller-rhel8 | Will not fix | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-operator-base-rhel8 | Will not fix | ||
Additional information
Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2254723 kubeflow: Reflected XSS in /pipelines/artifacts/get
EPSS: 0.00257 (Low), percentile: 49%
CVSS3: 5.4 Medium
Related vulnerabilities
CVSS3: 6.1
nvd
about 2 years ago
Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow
CVSS3: 5.4
github
about 2 years ago
Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow