CVE Vulnerabilities

CVE-2016-3738

Published: Jun 08, 2016 | Modified: Feb 12, 2023
CVSS 3.x: 8.8 HIGH
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2: 6.5 IMPORTANT
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V3
Ubuntu

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openshift | Redhat | 3.2 (including) | 3.2 (including) |
| Red Hat OpenShift Container Platform 3.2 | RedHat | atomic-openshift-0:3.2.0.44-1.git.0.a4463d9.el7 | * |
| Red Hat OpenShift Container Platform 3.2 | RedHat | nodejs-node-uuid-0:1.4.7-1.el7 | * |
