Openshift@3.7 Security Vulnerabilities and Issues — Openshift@3.7 CVE List

Lucene search

RedhatOpenshift3.7

3 matches found

CVE•added 2018/04/30 7:29 p.m.•113 views

CVE-2018-1102

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

8.8CVSS8.4AI score0.01331EPSS

CVE•added 2018/04/11 7:29 p.m.•45 views

CVE-2017-7534

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

5.4CVSS5.2AI score0.00168EPSS

CVE•added 2018/03/09 2:29 p.m.•43 views

CVE-2018-1069

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.

7.1CVSS6.8AI score0.00092EPSS