CVE-2017-7534
Summary
| CVE | CVE-2017-7534 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-11 19:29:00 UTC |
| Updated | 2019-10-09 23:29:00 UTC |
| Description | OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Openshift | 3.0 | All | All | All |
| Application | Redhat | Openshift | 3.1 | All | All | All |
| Application | Redhat | Openshift | 3.2 | All | All | All |
| Application | Redhat | Openshift | 3.3 | All | All | All |
| Application | Redhat | Openshift | 3.4 | All | All | All |
| Application | Redhat | Openshift | 3.5 | All | All | All |
| Application | Redhat | Openshift | 3.6 | All | All | All |
| Application | Redhat | Openshift | 3.7 | All | All | All |
| Application | Redhat | Openshift | 3.9 | All | All | All |
| Application | Redhat | Openshift | 3.0 | All | All | All |
| Application | Redhat | Openshift | 3.1 | All | All | All |
| Application | Redhat | Openshift | 3.2 | All | All | All |
| Application | Redhat | Openshift | 3.3 | All | All | All |
| Application | Redhat | Openshift | 3.4 | All | All | All |
| Application | Redhat | Openshift | 3.5 | All | All | All |
| Application | Redhat | Openshift | 3.6 | All | All | All |
| Application | Redhat | Openshift | 3.7 | All | All | All |
| Application | Redhat | Openshift | 3.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1443003 – (CVE-2017-7534) CVE-2017-7534 openshift: XSS in log viewer for a pod | CONFIRM | bugzilla.redhat.com | Issue Tracking |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.