Privilege Escalation

2019-01-1509:21:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

72.1%

JSON

atomic openshift is vulnerable to privilege escalation attacks. The vulnerability exists as a flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

CPENameOperatorVersion
atomic-openshifteq3.5.5.31__1.git.0.b6f55a2.el7
atomic-openshifteq3.7.23__1.git.0.8edc154.el7
atomic-openshifteq3.3.1.20__1.git.0.71967e4.el7
atomic-openshifteq3.3.0.34__1.git.0.83f306f.el7
atomic-openshifteq3.5.5.31.24__1.git.0.ff74e0b.el7
atomic-openshifteq3.5.5.31.48__1.git.0.245c039.el7
atomic-openshifteq3.3.1.3__1.git.0.86dc49a.el7
atomic-openshifteq3.5.5.31.66__1.git.0.b27a71b.el7
atomic-openshifteq3.4.0.39__1.git.0.5f32f06.el7
atomic-openshifteq3.1.1.11__3.git.26.629ff43.el7aos

Name	Operator	Version
atomic-openshift	eq	3.5.5.31__1.git.0.b6f55a2.el7
atomic-openshift	eq	3.7.23__1.git.0.8edc154.el7
atomic-openshift	eq	3.3.1.20__1.git.0.71967e4.el7
atomic-openshift	eq	3.3.0.34__1.git.0.83f306f.el7
atomic-openshift	eq	3.5.5.31.24__1.git.0.ff74e0b.el7
atomic-openshift	eq	3.5.5.31.48__1.git.0.245c039.el7
atomic-openshift	eq	3.3.1.3__1.git.0.86dc49a.el7
atomic-openshift	eq	3.5.5.31.66__1.git.0.b27a71b.el7
atomic-openshift	eq	3.4.0.39__1.git.0.5f32f06.el7
atomic-openshift	eq	3.1.1.11__3.git.26.629ff43.el7aos