CVE-2018-10937

EPSS 0.33% · P56 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-10937

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Red Hat Openshift Container Platform tetonic-console组件跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Red Hat OpenShift Container Platform是美国红帽（Red Hat）公司的一款可帮助企业在物理、虚拟和公共云基础架构之间开发、部署和管理现有基于容器的应用程序的应用平台。tetonic-console是其中的一个控制台组件。 Red Hat Openshift Container Platform 3.11版本中的tetonic-console组件存在跨站脚本漏洞，该漏洞源于程序没有充分的过滤用户提交的输入。远程攻击者可利用该漏洞在K8s API上以用户身份执行操作。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Red Hat	Openshift Container Platform	3.11	-

II. Public POCs for CVE-2018-10937

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-10937

请登录查看更多情报信息。

https://github.com/openshift/console/pull/461x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937x_refsource_CONFIRM
https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309cx_refsource_CONFIRM
http://www.securityfocus.com/bid/105190vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2018-10937

Same Patch Batch · Red Hat · 2018-09-11 · 9 CVEs total

CVE-2016-0750		Infinispan hotrod java客户端安全漏洞
CVE-2016-7047		Red Hat CloudForms Management Engine 信息泄露漏洞
CVE-2016-7070		Ansible Tower 权限许可和访问控制漏洞
CVE-2016-7066		Red Hat JBoss Enterprise Application Platform 安全漏洞
CVE-2018-10893		Red Hat spice-client 安全漏洞
CVE-2018-10935		Red Hat 389 Directory Server 安全漏洞
CVE-2018-1114		Red Hat Undertow 安全漏洞
CVE-2018-1127		Red Hat Gluster Storage Tendrl API 安全漏洞

IV. Related Vulnerabilities

Same product: Openshift Container Platform

CVE-2019-10200
Red Hat OpenShift Container Platform 访问控制错误漏洞

Same vendor: Red Hat

Same weakness: CWE-79

V. Comments for CVE-2018-10937

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-10937

I. Basic Information for CVE-2018-10937

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-10937

III. Intelligence Information for CVE-2018-10937

Same Patch Batch · Red Hat · 2018-09-11 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-10937

Leave a comment