Input Validation Flaw in OpenShift 3 by Red Hat
CVE-2016-8651

3.1LOW

Key Information:

Vendor

Red Hat
Status
Openshift Enterprise
Vendor
CVE Published:
1 August 2018

What is CVE-2016-8651?

An input validation issue exists in OpenShift 3 that permits users possessing the manifest of an image to access the image, even without appropriate permissions. This vulnerability can lead to unauthorized disclosure of sensitive information contained within the image. Organizations using OpenShift 3 should assess their risk and apply necessary mitigations to safeguard their data.

Affected Version(s)

OpenShift Enterprise 3

References

http://www.securityfocus.com/bid/94935
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2016:2915
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651
x_refsource_CONFIRM

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-8651 : Input Validation Flaw in OpenShift 3 by Red Hat