CVE-2015-5222 — Missing Authorization in Redhat Openshift

CWE-264 CWE-862 — Missing Authorization6 documents6 sources

Severity

8.5HIGHNVD

EPSS

0.5%

top 35.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift

Timeline

PublishedAug 24

Latest updateMay 17

Description

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/openshift3.0.0.0

🔴Vulnerability Details

GHSA

GHSA-x7xw-w98q-fgfm: Red Hat OpenShift Enterprise 3↗2022-05-17

▶

CVEList

CVE-2015-5222: Red Hat OpenShift Enterprise 3↗2015-08-24

▶

💥Exploits & PoCs

Exploit-DB

Gecko CMS 2.3 - Multiple Vulnerabilities↗2015-01-13

▶

📋Vendor Advisories

Red Hat

OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods↗2015-08-19

▶

💬Community

Bugzilla

CVE-2015-5222 OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods↗2015-08-19

▶