OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to a lack of sanitization of user input, specifically terminal escape characters, and the automatic creation of clickable links when viewing the log files for a pod.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/103754 | Third Party Advisory, VDB Entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=1443003 | Issue Tracking |
History
No history.
Information
Published : 2018-04-11 19:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-7534
Mitre link : CVE-2017-7534
CVE.ORG link : CVE-2017-7534
Products Affected
redhat
- openshift
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')