CVE-2018-1069 — Improper Access Control in HAT INC Openshift Enterprise

CWE-284 — Improper Access Control CWE-732 — Incorrect Permission Assignment CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 74.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT INC Openshift Enterprise Redhat Openshift

Timeline

PublishedMar 9

Latest updateMay 13

Description

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5red_hat_inc/openshift_enterprise3.7

▶NVDredhat/openshift3.7

🔴Vulnerability Details

GHSA

GHSA-h362-mrg5-244p: Red Hat OpenShift Enterprise version 3↗2022-05-13

▶

CVEList

CVE-2018-1069: Red Hat OpenShift Enterprise version 3↗2018-03-09

▶

📋Vendor Advisories

Red Hat

Networking: container networking does not prevent access to network resources↗2018-03-08

▶

💬Community

Bugzilla

CVE-2018-1069 Networking: container networking does not prevent access to network resources↗2018-03-08

▶