x/vulndb: potential Go vuln in github.com/openshift/console: CVE-2018-10937

[tatianab]

CVE-2018-10937 references github.com/openshift/console, which may be a Go module.

Description:
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2018-10937
• web: http://www.securityfocus.com/bid/105190
• web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
• fix: openshift/console@d566668
• fix: Bug 1622372 - Require CSRF token on all proxied requests openshift/console#461
• Imported by: https://pkg.go.dev/github.com/openshift/console?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/openshift/console
      vulnerable_at: 6.0.6+incompatible
      packages:
        - package: Openshift Container Platform
cves:
    - CVE-2018-10937
references:
    - web: http://www.securityfocus.com/bid/105190
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937
    - fix: https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c
    - fix: https://github.com/openshift/console/pull/461

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports