Vulnerability Description
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Origin | - |
| Redhat | Openshift | 3.2 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2016:1064Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1316127
- https://github.com/openshift/origin/pull/7864Patch
- https://access.redhat.com/errata/RHSA-2016:1064Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1316127
- https://github.com/openshift/origin/pull/7864Patch
FAQ
What is CVE-2016-2160?
CVE-2016-2160 is a vulnerability with a CVSS score of 8.8 (HIGH). Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
How severe is CVE-2016-2160?
CVE-2016-2160 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2160?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Origin, Redhat Openshift.