CVE-2018-14632

7.7HIGH

Key Information:

Vendor: Red Hat
Status: Atomic-openshift
Vendor: CVE Published:; 6 September 2018

Summary

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.

Affected Version(s)

atomic-openshift atomic-openshift-3.7

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632

x_refsource_CONFIRM

https://github.com/evanphx/json-patch/commit/4c9aadca8f89...

x_refsource_CONFIRM

https://access.redhat.com/errata/RHBA-2018:2652

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 6, 2018
Vulnerability Reserved
Jul 27, 2018

.