CVE-2018-10937 MEDIUM

CVE-2018-10937

Vendor Red Hat

Product Openshift Container Platform

Weakness CWE-79 · XSS

Published September 11, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

Key dates

02Disclosure timeline

September 11, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-10937 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-9411 OFCMS add.json add cross site scripting CVE-2026-34815 Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting CVE-2026-44651 SillyTavern: Reflected XSS vulnerability in the CORS proxy middleware CVE-2024-10583 Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-33639 WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability