Описание
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management.
Отчет
A multi-master Openshift Container Platform cluster is more resilient, however a sustained attack would still have an important impact.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.2 | atomic-openshift | Affected | ||
| Red Hat OpenShift Container Platform 3.3 | atomic-openshift | Affected | ||
| Red Hat OpenShift Container Platform 3.4 | atomic-openshift | Affected | ||
| Red Hat OpenShift Container Platform 3.5 | atomic-openshift | Affected | ||
| Red Hat OpenShift Container Platform 4 | openshift | Not affected | ||
| Red Hat OpenShift Enterprise 3.0 | openshift | Affected | ||
| Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Fixed | RHSA-2018:2709 | 11.11.2018 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHBA-2018:2652 | 11.10.2018 |
| Red Hat OpenShift Container Platform 3.6 | atomic-openshift | Fixed | RHSA-2018:2654 | 26.09.2018 |
| Red Hat OpenShift Container Platform 3.7 | atomic-openshift | Fixed | RHSA-2018:2906 | 21.11.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.7 High
CVSS3
Связанные уязвимости
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
EPSS
7.7 High
CVSS3