Vulnerability Description
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift | 3.0 |
| Redhat | Openshift Container Platform | 3.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94935 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2016:2915 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2016-8651?
CVE-2016-8651 is a vulnerability with a CVSS score of 3.1 (LOW). An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access t...
How severe is CVE-2016-8651?
CVE-2016-8651 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8651?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift, Redhat Openshift Container Platform.