CVE-2017-7534

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
redhatopenshift
3.0
redhatopenshift
3.1
redhatopenshift
3.2
redhatopenshift
3.3
redhatopenshift
3.4
redhatopenshift
3.5
redhatopenshift
3.6
redhatopenshift
3.7
redhatopenshift
3.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103754
https://bugzilla.redhat.com/show_bug.cgi?id=1443003
http://www.securityfocus.com/bid/103754
https://bugzilla.redhat.com/show_bug.cgi?id=1443003