Описание
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
Отчет
On OpenShift Enterprise 2.1 the broker and node should be installed on separate systems, as such there should not be any local untrusted users on the broker system(s). This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Enterprise 1 | openshift-origin-broker-util | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | openshift-origin-broker-util | Will not fix |
Показывать по
Дополнительная информация
Статус:
4.6 Medium
CVSS2
Связанные уязвимости
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
4.6 Medium
CVSS2