CVE-2018-1069 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Openshift	3.7

Related Weaknesses (CWE)

CWE-732 CWE-284

References

http://www.securityfocus.com/bid/103364Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1552987Issue TrackingMitigation
http://www.securityfocus.com/bid/103364Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1552987Issue TrackingMitigation

FAQ

What is CVE-2018-1069?

CVE-2018-1069 is a vulnerability with a CVSS score of 7.1 (HIGH). Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and...

How severe is CVE-2018-1069?

CVE-2018-1069 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1069?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift.