Lucene search
Redhat.comRH:CVE-2018-1102HistoryApr 27, 2018 - 3:30 p.m.
CVE-2018-1102
2018-04-2715:30:31
redhat.com
access.redhat.com
19
EPSS
0.004
Percentile
72.0%
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Mitigation
Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.
- Disabling S2I in OpenShift Enterprise 3.0 - <https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally>
- Disabling S2I in OpenShift Enterprise 3.1 - <https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally>
- Disabling S2I in OpenShift Enterprise 3.2 - <https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally>
- Disabling S2I in OpenShift Enterprise 3.3 - <https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds>
- Disabling S2I in OpenShift Enterprise 3.4 - <https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds>
- Disabling S2I in OpenShift Enterprise 3.5 - <https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds>
- Disabling S2I in OpenShift Enterprise 3.6 - <https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds>
- Disabling S2I in OpenShift Enterprise 3.7 - <https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds>
- OpenShift Enterprise 3.8 is not a production version (only for upgrades).
- Disabling S2I in OpenShift Enterprise 3.9 - <https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds>
Related
osv
osv
CVE-2018-1102
2018-04-30 19:29:00
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.7 (RHSA-2018:1231)
2018-12-04 00:00:00
RHEL 7 : OpenShift Container Platform 3.5 (RHSA-2018:1235)
2018-12-04 00:00:00
RHEL 7 : OpenShift Container Platform 3.4 (RHSA-2018:1237)
2018-12-04 00:00:00
redhat
redhat
(RHSA-2018:1229) Critical: OpenShift Container Platform 3.8 security update
2018-04-28 11:46:49
(RHSA-2018:1235) Critical: OpenShift Container Platform 3.5 security, bug fix, and enhancement update
2018-04-30 04:51:23
(RHSA-2018:1237) Critical: OpenShift Container Platform 3.4 security update
2018-04-30 05:15:41
veracode
veracode
Privilege Escalation
2019-01-15 09:21:34
cvelist
cvelist
CVE-2018-1102
2018-04-30 19:00:00
prion
prion
Input validation
2018-04-30 19:29:00
cve
cve
CVE-2018-1102
2018-04-30 19:29:00
nvd
nvd
CVE-2018-1102
2018-04-30 19:29:00