Redhat Openshift Container Platform CVE-2019-3889 Cross Site Scripting Vulnerability

Red Hat OpenShift Container Platform is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Information

Bugtraq ID: 109062
Class: Input Validation Error
CVE: CVE-2019-3889

Remote: Yes
Local: No
Published: Jul 08 2019 12:00AM
Updated: Jul 08 2019 12:00AM
Credit: Jeremy Choi (Red Hat).
Vulnerable: Redhat OpenShift Container Platform 3.9
Redhat OpenShift Container Platform 3.7
Redhat OpenShift Container Platform 3.6
Redhat OpenShift Container Platform 3.5
Redhat OpenShift Container Platform 3.4
Redhat OpenShift Container Platform 3.11
Redhat OpenShift Container Platform 3.10

Not Vulnerable:

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim into following a malicious URI.

References:

• Red Hat Bugzilla â?? Bug 1693499 (Red Hat Bugzilla)
  
• CVE-2019-3889 atomic-openshift: reflected XSS in authorization flow (Redhat)
  

Source: www.securityfocus.com