CVE-2016-8651 — Improper Input Validation in RED HAT Openshift Enterprise

CWE-20 — Improper Input Validation7 documents6 sources

Severity

3.5LOWNVD

CNA3.1

EPSS

0.2%

top 53.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Openshift Enterprise Redhat Openshift Redhat Openshift Container Platform

Timeline

PublishedAug 1

Latest updateMay 13

Description

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶NVDredhat/openshift3.0

▶CVEListV5red_hat/openshift_enterprise3

Also affects: Openshift Container Platform 3.1, 3.2, 3.3

🔴Vulnerability Details

GHSA

GHSA-8x5v-7r3g-jgfj: An input validation flaw was found in the way OpenShift 3 handles requests for images↗2022-05-13

▶

CVEList

CVE-2016-8651: An input validation flaw was found in the way OpenShift 3 handles requests for images↗2018-08-01

▶

📋Vendor Advisories

Red Hat

3: Pulling of any image is possible with it manifest↗2016-12-07

▶

🕵️Threat Intelligence

Qualys

Update: Last Adobe 0-day Patched for the Year | Qualys↗2015-12-28

▶

Qualys

Update: Last Adobe 0-day Patched for the Year | Qualys↗2015-12-28

▶

💬Community

Bugzilla

CVE-2016-8651 OpenShift Enterprise 3: Pulling of any image is possible with it manifest↗2016-11-23

▶