Total vulnerabilities in the database
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
| Software | From | Fixed in |
|---|---|---|
| redhat / openshift | 3.1 | 3.1.x |
| redhat / openshift | 3.0 | 3.0.x |
| redhat / openshift | 3.2 | 3.2.x |
| redhat / openshift | 3.7 | 3.7.x |
| redhat / openshift | 3.3 | 3.3.x |
| redhat / openshift | 3.4 | 3.4.x |
| redhat / openshift | 3.5 | 3.5.x |
| redhat / openshift | 3.6 | 3.6.x |
| redhat / openshift | 3.9 | 3.9.x |