CVE-2018-1070 — Improper Input Validation in Redhat Openshift Container Platform

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGHNVD

CNA6.5

EPSS

0.2%

top 63.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Container Platform

Timeline

PublishedJun 12

Latest updateMay 13

Description

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/openshift_container_platform< 3.10

🔴Vulnerability Details

GHSA

GHSA-mfw5-7x4h-m4v5: routing before version 3↗2022-05-13

▶

CVEList

CVE-2018-1070: routing before version 3↗2018-06-12

▶

📋Vendor Advisories

Red Hat

Routing: Malicous Service configuration can bring down routing for an entire shard.↗2018-04-27

▶

💬Community

Bugzilla

CVE-2018-1070 Routing: Malicous Service configuration can bring down routing for an entire shard.↗2018-03-08

▶