ID CVE-2016-3703 Type cve Reporter NVD Modified 2016-06-09T07:29:22
Description
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
{"hash": "40b2460c481065e69bf27706099d78d7cceaafdd1418b23384ea491adf450bc9", "id": "CVE-2016-3703", "lastseen": "2016-12-01T02:24:26", "viewCount": 3, "hashmap": [{"hash": "65d5a89e1c9e4fd39cccde5dde742638", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a6d8c25753aba314b48dc0bf50e1d329", "key": "cpe"}, {"hash": "5083ee406867147a3b53e3bb6c7e0961", "key": "cvelist"}, {"hash": "8184ae8f9f62d93cfef76a07b8a055be", "key": "cvss"}, {"hash": "25562fce13e3dc9d05e39c50aae795bd", "key": "description"}, {"hash": "7e5e877b3293ac03a571f4da29fbe999", "key": "href"}, {"hash": "3b42c0013730533ee75de555bff42eb5", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "01ad22bcb1046b6517f20f61cd8a6dc0", "key": "published"}, {"hash": "f55cdc031e44ec9e807e428688b4d117", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "b4cc3104b5238cac6d84db61ef920a1e", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:redhat:openshift:3.1::~~enterprise~~~", "cpe:/a:redhat:openshift:3.2::~~enterprise~~~"], "assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2016:1095", "RHSA-2016:1094"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2016-1095.NASL", "REDHAT-RHSA-2016-1094.NASL"]}], "modified": "2016-12-01T02:24:26"}, "vulnersScore": 5.0}, "type": "cve", "description": "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.", "title": "CVE-2016-3703", "history": [], "objectVersion": "1.2", "cvelist": ["CVE-2016-3703"], "published": "2016-06-08T13:59:04", "references": ["https://access.redhat.com/errata/RHSA-2016:1095", "https://access.redhat.com/errata/RHSA-2016:1094"], "reporter": "NVD", "scanner": [], "modified": "2016-06-09T07:29:22", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3703"}
{"nessus": [{"lastseen": "2019-02-21T01:44:21", "bulletinFamily": "scanner", "description": "An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.1. In addition, all images have been rebuilt on the new RHEL 7.2.4 base image.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es) :\n\n* An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/ proxy API for a specific pod, and an authorized access_token was provided in the query parameter.\n(CVE-2016-3703)\n\nThis issue was discovered by Jordan Liggitt (Red Hat).\n\nThis update includes the following images :\n\nopenshift3/ose:v3.1.1.6-21 openshift3/ose-deployer:v3.1.1.6-20 openshift3/ose-docker-builder:v3.1.1.6-19 openshift3/ose-docker-registry:v3.1.1.6-9 openshift3/ose-f5-router:v3.1.1.6-20 openshift3/ose-haproxy-router:v3.1.1.6-9 openshift3/ose-keepalived-ipfailover:v3.1.1.6-9 openshift3/ose-pod:v3.1.1.6-9 openshift3/ose-recycler:v3.1.1.6-9 openshift3/ose-sti-builder:v3.1.1.6-19 openshift3/logging-auth-proxy:3.1.1-9 openshift3/logging-deployment:3.1.1-17 openshift3/logging-elasticsearch:3.1.1-11 openshift3/logging-fluentd:3.1.1-11 openshift3/logging-kibana:3.1.1-8 openshift3/metrics-deployer:3.1.1-7 openshift3/metrics-heapster:3.1.1-7 openshift3/node:v3.1.1.6-20 openshift3/openvswitch:v3.1.1.6-10", "modified": "2018-12-04T00:00:00", "id": "REDHAT-RHSA-2016-1095.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119374", "published": "2018-12-04T00:00:00", "title": "RHEL 7 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1095)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1095. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119374);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/12/04 16:01:27\");\n\n script_cve_id(\"CVE-2016-3703\");\n script_xref(name:\"RHSA\", value:\"2016:1095\");\n\n script_name(english:\"RHEL 7 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1095)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nEnterprise 3.1. In addition, all images have been rebuilt on the new\nRHEL 7.2.4 base image.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nSecurity Fix(es) :\n\n* An origin validation vulnerability was found in OpenShift\nEnterprise. An attacker could potentially access API credentials\nstored in a web browser's localStorage if anonymous access was granted\nto a service/proxy or pod/ proxy API for a specific pod, and an\nauthorized access_token was provided in the query parameter.\n(CVE-2016-3703)\n\nThis issue was discovered by Jordan Liggitt (Red Hat).\n\nThis update includes the following images :\n\nopenshift3/ose:v3.1.1.6-21 openshift3/ose-deployer:v3.1.1.6-20\nopenshift3/ose-docker-builder:v3.1.1.6-19\nopenshift3/ose-docker-registry:v3.1.1.6-9\nopenshift3/ose-f5-router:v3.1.1.6-20\nopenshift3/ose-haproxy-router:v3.1.1.6-9\nopenshift3/ose-keepalived-ipfailover:v3.1.1.6-9\nopenshift3/ose-pod:v3.1.1.6-9 openshift3/ose-recycler:v3.1.1.6-9\nopenshift3/ose-sti-builder:v3.1.1.6-19\nopenshift3/logging-auth-proxy:3.1.1-9\nopenshift3/logging-deployment:3.1.1-17\nopenshift3/logging-elasticsearch:3.1.1-11\nopenshift3/logging-fluentd:3.1.1-11 openshift3/logging-kibana:3.1.1-8\nopenshift3/metrics-deployer:3.1.1-7\nopenshift3/metrics-heapster:3.1.1-7 openshift3/node:v3.1.1.6-20\nopenshift3/openvswitch:v3.1.1.6-10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3703\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1095\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-dockerregistry-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-dockerregistry-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-recycle-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-recycle-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n if (rpm_exists(rpm:\"tuned-profiles-atomic-openshift-node-3.1\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tuned-profiles-atomic-openshift-node-3.1.1.6-8.git.64.80b61da.el7aos\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:44:21", "bulletinFamily": "scanner", "description": "An update for atomic-openshift and nodejs-node-uuid is now available for Red Hat OpenShift Enterprise 3.2. In addition, all images have been rebuilt on the new RHEL 7.2.4 base image.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es) :\n\n* A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges. (CVE-2016-3738)\n\n* An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/ proxy API for a specific pod, and an authorized access_token was provided in the query parameter.\n(CVE-2016-3703)\n\n* A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it. (CVE-2016-3708)\n\nThe CVE-2016-3738 issue was discovered by David Eads (Red Hat); the CVE-2016-3703 issue was discovered by Jordan Liggitt (Red Hat); and the CVE-2016-3708 issue was discovered by Ben Parees (Red Hat).\n\nThis update includes the following images :\n\nopenshift3/ose:v3.2.0.44-2 openshift3/ose-deployer:v3.2.0.44-2 openshift3/ose-docker-builder:v3.2.0.44-2 openshift3/ose-docker-registry:v3.2.0.44-2 openshift3/ose-f5-router:v3.2.0.44-2 openshift3/ose-haproxy-router:v3.2.0.44-2 openshift3/ose-keepalived-ipfailover:v3.2.0.44-2 openshift3/ose-pod:v3.2.0.44-2 openshift3/ose-recycler:v3.2.0.44-2 openshift3/ose-sti-builder:v3.2.0.44-2 openshift3/jenkins-1-rhel7:1.642-32 openshift3/logging-auth-proxy:3.2.0-4 openshift3/logging-deployment:3.2.0-9 openshift3/logging-elasticsearch:3.2.0-8 openshift3/logging-fluentd:3.2.0-8 openshift3/logging-kibana:3.2.0-4 openshift3/metrics-deployer:3.2.0-6 openshift3/metrics-heapster:3.2.0-6 openshift3/mongodb-24-rhel7:2.4-28 openshift3/mysql-55-rhel7:5.5-26 openshift3/nodejs-010-rhel7:0.10-35 openshift3/node:v3.2.0.44-2 openshift3/openvswitch:v3.2.0.44-2 openshift3/perl-516-rhel7:5.16-38 openshift3/php-55-rhel7:5.5-35 openshift3/postgresql-92-rhel7:9.2-25 openshift3/python-33-rhel7:3.3-35 openshift3/ruby-20-rhel7:2.0-35\n\naep3_beta/aep:v3.2.0.44-2 aep3_beta/aep-deployer:v3.2.0.44-2 aep3_beta/aep-docker-registry:v3.2.0.44-2 aep3_beta/aep-f5-router:v3.2.0.44-2 aep3_beta/aep-haproxy-router:v3.2.0.44-2 aep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2 aep3_beta/aep-pod:v3.2.0.44-2 aep3_beta/aep-recycler:v3.2.0.44-2 aep3_beta/logging-auth-proxy:3.2.0-4 aep3_beta/logging-deployment:3.2.0-9 aep3_beta/logging-elasticsearch:3.2.0-8 aep3_beta/logging-fluentd:3.2.0-8 aep3_beta/logging-kibana:3.2.0-4 aep3_beta/metrics-deployer:3.2.0-6 aep3_beta/metrics-heapster:3.2.0-6 aep3_beta/node:v3.2.0.44-2 aep3_beta/openvswitch:v3.2.0.44-2", "modified": "2018-12-04T00:00:00", "id": "REDHAT-RHSA-2016-1094.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119373", "published": "2018-12-04T00:00:00", "title": "RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1094)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1094. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119373);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/12/04 16:01:27\");\n\n script_cve_id(\"CVE-2016-3703\", \"CVE-2016-3708\", \"CVE-2016-3738\");\n script_xref(name:\"RHSA\", value:\"2016:1094\");\n\n script_name(english:\"RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1094)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift and nodejs-node-uuid is now available\nfor Red Hat OpenShift Enterprise 3.2. In addition, all images have\nbeen rebuilt on the new RHEL 7.2.4 base image.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nSecurity Fix(es) :\n\n* A vulnerability was found in the STI build process in OpenShift\nEnterprise. Access to STI builds was not properly restricted, allowing\nan attacker to use STI builds to access the Docker socket and escalate\ntheir privileges. (CVE-2016-3738)\n\n* An origin validation vulnerability was found in OpenShift\nEnterprise. An attacker could potentially access API credentials\nstored in a web browser's localStorage if anonymous access was granted\nto a service/proxy or pod/ proxy API for a specific pod, and an\nauthorized access_token was provided in the query parameter.\n(CVE-2016-3703)\n\n* A flaw was found in OpenShift Enterprise when multi-tenant SDN is\nenabled and a build is run within a namespace that would normally be\nisolated from pods in other namespaces. If an s2i build is run in such\nan environment the container being built can access network resources\non pods that should not be available to it. (CVE-2016-3708)\n\nThe CVE-2016-3738 issue was discovered by David Eads (Red Hat); the\nCVE-2016-3703 issue was discovered by Jordan Liggitt (Red Hat); and\nthe CVE-2016-3708 issue was discovered by Ben Parees (Red Hat).\n\nThis update includes the following images :\n\nopenshift3/ose:v3.2.0.44-2 openshift3/ose-deployer:v3.2.0.44-2\nopenshift3/ose-docker-builder:v3.2.0.44-2\nopenshift3/ose-docker-registry:v3.2.0.44-2\nopenshift3/ose-f5-router:v3.2.0.44-2\nopenshift3/ose-haproxy-router:v3.2.0.44-2\nopenshift3/ose-keepalived-ipfailover:v3.2.0.44-2\nopenshift3/ose-pod:v3.2.0.44-2 openshift3/ose-recycler:v3.2.0.44-2\nopenshift3/ose-sti-builder:v3.2.0.44-2\nopenshift3/jenkins-1-rhel7:1.642-32\nopenshift3/logging-auth-proxy:3.2.0-4\nopenshift3/logging-deployment:3.2.0-9\nopenshift3/logging-elasticsearch:3.2.0-8\nopenshift3/logging-fluentd:3.2.0-8 openshift3/logging-kibana:3.2.0-4\nopenshift3/metrics-deployer:3.2.0-6\nopenshift3/metrics-heapster:3.2.0-6 openshift3/mongodb-24-rhel7:2.4-28\nopenshift3/mysql-55-rhel7:5.5-26 openshift3/nodejs-010-rhel7:0.10-35\nopenshift3/node:v3.2.0.44-2 openshift3/openvswitch:v3.2.0.44-2\nopenshift3/perl-516-rhel7:5.16-38 openshift3/php-55-rhel7:5.5-35\nopenshift3/postgresql-92-rhel7:9.2-25\nopenshift3/python-33-rhel7:3.3-35 openshift3/ruby-20-rhel7:2.0-35\n\naep3_beta/aep:v3.2.0.44-2 aep3_beta/aep-deployer:v3.2.0.44-2\naep3_beta/aep-docker-registry:v3.2.0.44-2\naep3_beta/aep-f5-router:v3.2.0.44-2\naep3_beta/aep-haproxy-router:v3.2.0.44-2\naep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2\naep3_beta/aep-pod:v3.2.0.44-2 aep3_beta/aep-recycler:v3.2.0.44-2\naep3_beta/logging-auth-proxy:3.2.0-4\naep3_beta/logging-deployment:3.2.0-9\naep3_beta/logging-elasticsearch:3.2.0-8\naep3_beta/logging-fluentd:3.2.0-8 aep3_beta/logging-kibana:3.2.0-4\naep3_beta/metrics-deployer:3.2.0-6 aep3_beta/metrics-heapster:3.2.0-6\naep3_beta/node:v3.2.0.44-2 aep3_beta/openvswitch:v3.2.0.44-2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3738\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-node-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1094\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-dockerregistry-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-dockerregistry-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-recycle-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-recycle-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"nodejs-node-uuid-1.4.7-1.el7\")) flag++;\n if (rpm_exists(rpm:\"tuned-profiles-atomic-openshift-node-3.2\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tuned-profiles-atomic-openshift-node-3.2.0.44-1.git.0.a4463d9.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:12", "bulletinFamily": "unix", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in the query parameter. (CVE-2016-3703)\n\nThis issue was discovered by Jordan Liggitt (Red Hat).\n\nThis update includes the following images:\n\nopenshift3/ose:v3.1.1.6-21\nopenshift3/ose-deployer:v3.1.1.6-20\nopenshift3/ose-docker-builder:v3.1.1.6-19\nopenshift3/ose-docker-registry:v3.1.1.6-9\nopenshift3/ose-f5-router:v3.1.1.6-20\nopenshift3/ose-haproxy-router:v3.1.1.6-9\nopenshift3/ose-keepalived-ipfailover:v3.1.1.6-9\nopenshift3/ose-pod:v3.1.1.6-9\nopenshift3/ose-recycler:v3.1.1.6-9\nopenshift3/ose-sti-builder:v3.1.1.6-19\nopenshift3/logging-auth-proxy:3.1.1-9\nopenshift3/logging-deployment:3.1.1-17\nopenshift3/logging-elasticsearch:3.1.1-11\nopenshift3/logging-fluentd:3.1.1-11\nopenshift3/logging-kibana:3.1.1-8\nopenshift3/metrics-deployer:3.1.1-7\nopenshift3/metrics-heapster:3.1.1-7\nopenshift3/node:v3.1.1.6-20\nopenshift3/openvswitch:v3.1.1.6-10", "modified": "2016-05-20T00:32:38", "published": "2016-05-20T00:30:05", "id": "RHSA-2016:1095", "href": "https://access.redhat.com/errata/RHSA-2016:1095", "type": "redhat", "title": "(RHSA-2016:1095) Moderate: Red Hat OpenShift Enterprise 3.1 security update", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T17:45:03", "bulletinFamily": "unix", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges. (CVE-2016-3738)\n\n* An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in the query parameter. (CVE-2016-3703)\n\n* A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it. (CVE-2016-3708)\n\nThe CVE-2016-3738 issue was discovered by David Eads (Red Hat); the CVE-2016-3703 issue was discovered by Jordan Liggitt (Red Hat); and the CVE-2016-3708 issue was discovered by Ben Parees (Red Hat).\n\nThis update includes the following images:\n\nopenshift3/ose:v3.2.0.44-2\nopenshift3/ose-deployer:v3.2.0.44-2\nopenshift3/ose-docker-builder:v3.2.0.44-2\nopenshift3/ose-docker-registry:v3.2.0.44-2\nopenshift3/ose-f5-router:v3.2.0.44-2\nopenshift3/ose-haproxy-router:v3.2.0.44-2\nopenshift3/ose-keepalived-ipfailover:v3.2.0.44-2\nopenshift3/ose-pod:v3.2.0.44-2\nopenshift3/ose-recycler:v3.2.0.44-2\nopenshift3/ose-sti-builder:v3.2.0.44-2\nopenshift3/jenkins-1-rhel7:1.642-32\nopenshift3/logging-auth-proxy:3.2.0-4\nopenshift3/logging-deployment:3.2.0-9\nopenshift3/logging-elasticsearch:3.2.0-8\nopenshift3/logging-fluentd:3.2.0-8\nopenshift3/logging-kibana:3.2.0-4\nopenshift3/metrics-deployer:3.2.0-6\nopenshift3/metrics-heapster:3.2.0-6\nopenshift3/mongodb-24-rhel7:2.4-28\nopenshift3/mysql-55-rhel7:5.5-26\nopenshift3/nodejs-010-rhel7:0.10-35\nopenshift3/node:v3.2.0.44-2\nopenshift3/openvswitch:v3.2.0.44-2\nopenshift3/perl-516-rhel7:5.16-38\nopenshift3/php-55-rhel7:5.5-35\nopenshift3/postgresql-92-rhel7:9.2-25\nopenshift3/python-33-rhel7:3.3-35\nopenshift3/ruby-20-rhel7:2.0-35\n\naep3_beta/aep:v3.2.0.44-2\naep3_beta/aep-deployer:v3.2.0.44-2\naep3_beta/aep-docker-registry:v3.2.0.44-2\naep3_beta/aep-f5-router:v3.2.0.44-2\naep3_beta/aep-haproxy-router:v3.2.0.44-2\naep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2\naep3_beta/aep-pod:v3.2.0.44-2\naep3_beta/aep-recycler:v3.2.0.44-2\naep3_beta/logging-auth-proxy:3.2.0-4\naep3_beta/logging-deployment:3.2.0-9\naep3_beta/logging-elasticsearch:3.2.0-8\naep3_beta/logging-fluentd:3.2.0-8\naep3_beta/logging-kibana:3.2.0-4\naep3_beta/metrics-deployer:3.2.0-6\naep3_beta/metrics-heapster:3.2.0-6\naep3_beta/node:v3.2.0.44-2\naep3_beta/openvswitch:v3.2.0.44-2", "modified": "2016-05-20T00:06:12", "published": "2016-05-20T00:02:55", "id": "RHSA-2016:1094", "href": "https://access.redhat.com/errata/RHSA-2016:1094", "type": "redhat", "title": "(RHSA-2016:1094) Important: Red Hat OpenShift Enterprise 3.2 security update", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
