CVE-2017-15137 — Improper Input Validation in Red Hat OpenShift Container Platform

Severity: 5.3 MEDIUM (NVD), 4.3 (CNA)
EPSS: 0.2% (top 62.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 16, latest update May 13

Description

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 0 packages

Also affects: OpenShift Container Platform 3.9

🔴 Vulnerability Details (2)

GHSA: GHSA-fcgm-gwv3-mqcg: The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example (2022-05-13)
CVEList: CVE-2017-15137: The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example (2018-07-16)

📋 Vendor Advisories (1)

Red Hat: atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag (2018-03-28)

💬 Community (1)

Bugzilla: CVE-2017-15137 atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag (2018-04-11)