CVE-2013-4364 — Link Following in Redhat Openshift

CWE-59 — Link Following CWE-377 — Insecure Temporary File5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 91.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift

Timeline

PublishedJan 8

Latest updateMay 14

Description

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDredhat/openshift1.0, 2.0+1

🔴Vulnerability Details

GHSA

GHSA-5pv6-62pr-4gfr: (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local us↗2022-05-14

▶

CVEList

CVE-2013-4364: (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local us↗2018-01-08

▶

📋Vendor Advisories

Red Hat

OpenShift: openshift-origin-broker-util incorrect temporary file usage↗2014-07-07

▶

💬Community

Bugzilla

CVE-2013-4364 OpenShift: openshift-origin-broker-util incorrect temporary file usage↗2013-09-19

▶