CVE-2014-3674Improper Access Control in Redhat Openshift

CWE-264CWE-284Improper Access Control5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openshift
Timeline
PublishedNov 13
Latest updateMay 13

Description

Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDredhat/openshift2.1.8+15

🔴Vulnerability Details

2
GHSA
GHSA-cwr8-rjvx-3529: Red Hat OpenShift Enterprise before 22022-05-13
CVEList
CVE-2014-3674: Red Hat OpenShift Enterprise before 22014-11-13

📋Vendor Advisories

1
Red Hat
Enterprise: gears fail to properly isolate network traffic2014-11-03

💬Community

1
Bugzilla
CVE-2014-3674 OpenShift Enterprise: gears fail to properly isolate network traffic2014-09-30
CVE-2014-3674 — Improper Access Control in Redhat | cvebase