CVE-2017-15137

EPSS 0.17%
Veröffentlicht 16.07.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:14:08
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Openshift Version-

Redhat ≫ Openshift Container Platform Version3.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.344

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
secalert@redhat.com	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHBA-2018:0489

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-15137

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15137

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15137

EUVD