A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
Weakness
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openshift | Redhat | 3.6 (including) | 3.6 (including) |
| Openshift | Redhat | 3.7 (including) | 3.7 (including) |
| Openshift | Redhat | 3.8 (including) | 3.8 (including) |
| Openshift | Redhat | 3.9 (including) | 3.9 (including) |
| Openshift | Redhat | 3.10 (including) | 3.10 (including) |
| Openshift | Redhat | 3.11 (including) | 3.11 (including) |
| Openshift | Redhat | 4.1 (including) | 4.1 (including) |
| Red Hat OpenShift Container Platform 4.7 | RedHat | openshift-0:4.7.0-202102060108.p0.git.97095.7271b90.el7 | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/21.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/459.html
- https://cwe.mitre.org/data/definitions/461.html
- https://cwe.mitre.org/data/definitions/473.html
- https://cwe.mitre.org/data/definitions/476.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/60.html
- https://cwe.mitre.org/data/definitions/667.html
- https://cwe.mitre.org/data/definitions/94.html