CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.254 Low
Percentile: 96.1%

OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

The following security issues are addressed with this release:

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. (CVE-2016-1905)

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed, allowing attacker escalation. (CVE-2016-1906)

This release also includes an update for the Jenkins Continuous Integration Server that addresses a large number of security issues, including XSS, CSRF, information disclosure and code execution. (CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662, CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667, CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807, CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813, CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, CVE-2015-7539, CVE-2015-8103)

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise 3.1 Release Notes, which will be updated shortly for release 3.1.1, for details about these changes:

https://docs.openshift.com/enterprise/3.1/release_notes/ose_3_1_release_notes.html

All OpenShift Enterprise 3 users are advised to upgrade to these updated packages.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | nodejs-error-ex | < 1.2.0-1.el7aos | nodejs-error-ex-1.2.0-1.el7aos.noarch.rpm |
RedHat | 7 | x86_64 | atomic-openshift-node | < 3.1.1.6-1.git.0.b57e8bd.el7aos | atomic-openshift-node-3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm |
RedHat | 7 | src | origin-kibana | < 0.5.0-1.el7aos | origin-kibana-0.5.0-1.el7aos.src.rpm |
RedHat | 7 | src | nodejs-es6-promise | < 3.0.2-2.el7aos | nodejs-es6-promise-3.0.2-2.el7aos.src.rpm |
RedHat | 7 | noarch | nodejs-kind-of | < 3.0.2-1.el7aos | nodejs-kind-of-3.0.2-1.el7aos.noarch.rpm |
RedHat | 7 | src | nodejs-is-number | < 2.1.0-1.el7aos | nodejs-is-number-2.1.0-1.el7aos.src.rpm |
RedHat | 7 | noarch | nodejs-preserve | < 0.2.0-1.el7aos | nodejs-preserve-0.2.0-1.el7aos.noarch.rpm |
RedHat | 7 | src | nodejs-graceful-fs | < 4.1.2-1.el7aos | nodejs-graceful-fs-4.1.2-1.el7aos.src.rpm |
RedHat | 7 | noarch | openshift-ansible-docs | < 3.0.35-1.git.0.6a386dd.el7aos | openshift-ansible-docs-3.0.35-1.git.0.6a386dd.el7aos.noarch.rpm |
RedHat | 7 | noarch | nodejs-normalize-path | < 2.0.1-1.el7aos | nodejs-normalize-path-2.0.1-1.el7aos.noarch.rpm |