Path Validation Flaw in OpenShift Enterprise 3.x by Red Hat
CVE-2018-1102

8.8HIGH

Key Information:

Vendor
Red Hat
Status
Atomic-openshift
Vendor
CVE Published:
30 April 2018

Summary

A vulnerability exists in the path validation mechanism utilized in the source-to-image function of OpenShift Enterprise 3.x, enabling potential privilege escalation. This flaw arises from inadequate validation of tar file paths during extraction, presenting a risk that may allow unauthorized access to critical system resources. It is essential for users of OpenShift Enterprise to apply the relevant updates and patches to mitigate this security threat.

Affected Version(s)

atomic-openshift as shipped with Openshift Enterprise 3.x

References

https://access.redhat.com/errata/RHSA-2018:1235
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1241
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1233
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.