Lucene search

K

RedhatCVELIST:CVE-2018-1102

HistoryApr 30, 2018 - 7:00 p.m.

CVE-2018-1102

2018-04-3019:00:00

CWE-20

redhat

www.cve.org

1

8.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

CNA Affected

[
  {
    "product": "atomic-openshift",
    "vendor": "Red Hat, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "as shipped with Openshift Enterprise 3.x"
      }
    ]
  }
]

References

access.redhat.com/errata/RHSA-2018:1227

access.redhat.com/errata/RHSA-2018:1229

access.redhat.com/errata/RHSA-2018:1231

access.redhat.com/errata/RHSA-2018:1233

access.redhat.com/errata/RHSA-2018:1235

access.redhat.com/errata/RHSA-2018:1237

access.redhat.com/errata/RHSA-2018:1239

access.redhat.com/errata/RHSA-2018:1241

access.redhat.com/errata/RHSA-2018:1243

access.redhat.com/errata/RHSA-2019:0036

bugzilla.redhat.com/show_bug.cgi?id=1562246

8.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

Related for CVELIST:CVE-2018-1102

redhatcve1 redhat10 nessus10 veracode1 prion1 cve1 nvd1 osv1