Cross-Site Scripting (XSS)

2019-07-2900:08:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

50.8%

JSON

web-console is vulnerable to cross-site scripting. The vulnerability, caused by missing X-Frame-Options and CSRF protections, in the oauth/token/request endpoint could allow a remote attacker to retrieve a token for CLI usage when using non default configs.

CPENameOperatorVersion
atomic-openshifteq3.10.72__1.git.0.3cb2fdc.el7
atomic-openshifteq3.5.5.31.80__1.git.0.c4a0780.el7
atomic-openshifteq3.9.68__1.git.0.76fd86e.el7
atomic-openshifteq3.11.117__1.git.0.14e54a3.el7
atomic-openshifteq3.3.1.20__1.git.0.71967e4.el7
atomic-openshifteq3.5.5.31.24__1.git.0.ff74e0b.el7
atomic-openshifteq3.3.1.3__1.git.0.86dc49a.el7
atomic-openshifteq3.5.5.31.66__1.git.0.b27a71b.el7
atomic-openshifteq3.1.1.11__3.git.26.629ff43.el7aos
atomic-openshifteq3.11.82__1.git.0.08bc31b.el7

Name	Operator	Version
atomic-openshift	eq	3.10.72__1.git.0.3cb2fdc.el7
atomic-openshift	eq	3.5.5.31.80__1.git.0.c4a0780.el7
atomic-openshift	eq	3.9.68__1.git.0.76fd86e.el7
atomic-openshift	eq	3.11.117__1.git.0.14e54a3.el7
atomic-openshift	eq	3.3.1.20__1.git.0.71967e4.el7
atomic-openshift	eq	3.5.5.31.24__1.git.0.ff74e0b.el7
atomic-openshift	eq	3.3.1.3__1.git.0.86dc49a.el7
atomic-openshift	eq	3.5.5.31.66__1.git.0.b27a71b.el7
atomic-openshift	eq	3.1.1.11__3.git.26.629ff43.el7aos
atomic-openshift	eq	3.11.82__1.git.0.08bc31b.el7