CVE-2016-3738

CVE-2016-3738 affects Red Hat OpenShift Enterprise 3.2, where the STI build process does not restrict access properly. This vulnerability allows remote authenticated users to access the Docker socket and escalate privileges via build-pod related vectors. The issue originates from insufficient acc...

PT-2016-5687 · Red Hat +1 · Red Hat Openshift Enterprise +1

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue is related to improper access restriction to STI builds, allowing remote authenticated users to access the Docker socket and gain privileges. This is achieved through vectors...

origin: pod update allows docker socket access via build-pod

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...

Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.2 security update

An update for atomic-openshift and nodejs-node-uuid is now available for Red Hat OpenShift Enterprise 3.2. In addition, all images have been rebuilt on the new RHEL 7.2.4 base image. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVE-2016-3738

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...