Root Command Execution

2017-04-2707:24:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

59.4%

JSON

github.com/openshift/origin is vulnerable to root command execution. Remotely authenticated users can change the root password in a sti builder image which allows them to execute commands with root privileges.

CPENameOperatorVersion
github.com/openshift/origineqHEAD
github.com/openshift/originle1.1.3
nodejs-osenveq0.0.3__5.el7
nodejs-json-stringify-safeeq5.0.0__1.el7
nodejs-mimeeq1.2.11__1.el7
python-mimeparseeq0.1.4__1.el7ost
nodejs-sntpeq0.2.4__1.el7
jenkinseq1.625.3__2.el7aos
openshift-elasticsearch-plugineq0.7.0.redhat_1__1.el7
nodejs-read-all-streameq1.0.2__1.el7

Name	Operator	Version
github.com/openshift/origin	eq	HEAD
github.com/openshift/origin	le	1.1.3
nodejs-osenv	eq	0.0.3__5.el7
nodejs-json-stringify-safe	eq	5.0.0__1.el7
nodejs-mime	eq	1.2.11__1.el7
python-mimeparse	eq	0.1.4__1.el7ost
nodejs-sntp	eq	0.2.4__1.el7
jenkins	eq	1.625.3__2.el7aos
openshift-elasticsearch-plugin	eq	0.7.0.redhat_1__1.el7
nodejs-read-all-stream	eq	1.0.2__1.el7