N/A

CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards.

N/A

N/A

Red Hat CoreOS Tectonic 跨站脚本漏洞

Red Hat CoreOS Tectonic是美国红帽（Red Hat）公司的一套开源的自动化企业Kubernetes平台。该平台主要用于自动执行操作任务，实现平台可移植性和多集群管理。 Red Hat CoreOS Tectonic 1.7.x版本和1.8.7-tectonic.2之前的1.8.x版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

N/A

N/A