CVE-2016-9592Improper Cleanup on Thrown Exception in Redhat Openshift

CWE-460Improper Cleanup on Thrown ExceptionCWE-3995 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 45.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openshift
Timeline
PublishedApr 16
Latest updateMay 13

Description

openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDredhat/openshift3.2.1.23, 3.3.1.11, 3.4+2

🔴Vulnerability Details

2
GHSA
GHSA-4p74-q7jv-8p55: openshift before versions 32022-05-13
CVEList
CVE-2016-9592: openshift before versions 32018-04-16

📋Vendor Advisories

1
Red Hat
openshift: Failing to detach a volume causes DoS by retrying to perform delete2016-12-19

💬Community

1
Bugzilla
CVE-2016-9592 openshift: Failing to detach a volume causes DoS by retrying to perform delete2016-12-16
CVE-2016-9592 — Improper Cleanup on Thrown Exception | cvebase