Path Validation Flaw in OpenShift Enterprise 3.x by Red Hat
CVE-2018-1102
8.8 HIGH
Summary
A flaw in the path validation used by the source-to-image function of OpenShift Enterprise 3.x can enable privilege escalation. Tar file paths are not adequately validated during extraction, which may allow unauthorized access to critical system resources. Users of OpenShift Enterprise should apply the relevant updates and patches to mitigate this threat.
Affected Version(s)
atomic-openshift as shipped with OpenShift Enterprise 3.x
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved