6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.2%
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
www.securityfocus.com/bid/105190
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
github.com/openshift/console/pull/461