CVE-2016-3708 — Improper Access Control in Redhat Openshift

CWE-284 — Improper Access Control5 documents5 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 67.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift

Timeline

PublishedJun 8

Latest updateMay 17

Description

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages1 packages

▶NVDredhat/openshift3.2

🔴Vulnerability Details

GHSA

GHSA-4cjv-9553-8x8j: Red Hat OpenShift Enterprise 3↗2022-05-17

▶

CVEList

CVE-2016-3708: Red Hat OpenShift Enterprise 3↗2016-06-08

▶

📋Vendor Advisories

Red Hat

3: s2i builds implicitly perform docker builds↗2016-04-27

▶

💬Community

Bugzilla

CVE-2016-3708 OpenShiftEnterprise 3: s2i builds implicitly perform docker builds↗2016-04-28

▶