CVE-2016-3738 — Improper Access Control in Redhat Openshift

CWE-264 CWE-284 — Improper Access Control CWE-190 — Integer Overflow or Wraparound8 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 28.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift

Timeline

PublishedJun 8

Latest updateMay 17

Description

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDredhat/openshift3.2

🔴Vulnerability Details

GHSA

GHSA-6j4q-5h3q-823c: Red Hat OpenShift Enterprise 3↗2022-05-17

▶

CVEList

CVE-2016-3738: Red Hat OpenShift Enterprise 3↗2016-06-08

▶

📋Vendor Advisories

Red Hat

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64↗2017-12-07

▶

Red Hat

origin: pod update allows docker socket access via build-pod↗2016-05-19

▶

💬Community

Bugzilla

CVE-2016-3738 origin: pod update allows docker socket access via build-pod↗2016-05-05

▶