CVE-2017-15137

EPSS 0.17%
Published 16.07.2018 20:29:00
Last modified 21.11.2024 03:14:08
Source secalert@redhat.com
Teams watchlist Login
Open Login

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openshift Version-

Redhat ≫ Openshift Container Platform Version3.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.344

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
secalert@redhat.com	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHBA-2018:0489

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-15137

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15137

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15137

EUVD