Описание
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
Меры по смягчению последствий
Currently, no mitigation is available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-central-db-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-main-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-rhel8-operator | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-roxctl-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-db-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-slim-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-db-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-rhel8 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS3
Связанные уязвимости
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.
5 Medium
CVSS3