Vulnerabilites related to Red Hat, Inc. - OpenShift Enterprise
cve-2018-1069
Vulnerability from cvelistv5
Published
2018-03-09 14:00
Modified
2024-08-05 03:51
Severity ?
Summary
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1552987x_refsource_CONFIRM
http://www.securityfocus.com/bid/103364vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Red Hat, Inc. OpenShift Enterprise Version: 3.7
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:47.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987"
          },
          {
            "name": "103364",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103364"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenShift Enterprise",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            }
          ]
        }
      ],
      "datePublic": "2018-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 (Improper Access Control)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-13T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987"
        },
        {
          "name": "103364",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103364"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1069",
    "datePublished": "2018-03-09T14:00:00Z",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T03:51:47.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}