CVE-2014-0233Code Injection in Redhat Openshift

CWE-94Code InjectionCWE-73External Control of File Name or PathCWE-78OS Command Injection6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
1.4%
top 19.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openshift
Timeline
PublishedNov 16
Latest updateMay 13

Description

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDredhat/openshift2.0, 2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-frgq-r6cx-mg8w: Red Hat OpenShift Enterprise 22022-05-13
CVEList
CVE-2014-0233: Red Hat OpenShift Enterprise 22014-11-16

📋Vendor Advisories

1
Red Hat
OpenShift: downloadable cartridge source url file command execution as root2014-05-21

💬Community

2
Bugzilla
CVE-2014-0233 OpenShift: downloadable cartridge source url file command execution as root2014-05-12
Bugzilla
CVE-2014-0071 OpenStack PackStack: Neutron Security Groups fail to block network traffic2014-02-12
CVE-2014-0233 — Code Injection in Redhat Openshift | cvebase