CVE-2017-15137

Published: Jul 16, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.

Affected (2)

Products: Redhat: Openshift, Openshift Container Platform

Redhat

2 products

Openshift

Openshift Container Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	All versions
Redhat Openshift Container Platform	Version 3.9

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://access.redhat.com/errata/RHBA-2018:0489

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHBA-2018:0489

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.