Denial of Service Vulnerability in OpenShift by Red Hat
CVE-2018-10885

6.5MEDIUM

Key Information:

Vendor: [unknown]
Status: Atomic-openshift
Vendor: CVE Published:; 5 July 2018

What is CVE-2018-10885?

In versions of OpenShift prior to 3.10.9, a malicious configuration of network policies leveraging the ovs-networkpolicy plugin can lead to a failure in OpenShift Routing. This vulnerability allows an attacker to generate a Denial of Service (DoS) condition, affecting clusters running versions 3.9 and 3.7. It is crucial for organizations using these versions to implement security measures to prevent exploitation of this flaw.

Affected Version(s)

atomic-openshift atomic-openshift 3.10.9

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104688

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2018
Vulnerability Reserved
May 9, 2018

CVE-2018-10885 Data

JSON

[unknown]

What is CVE-2018-10885?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline