PT-2018-4101 · Red Hat · Red Hat Openshift Enterprise
Michael Scherer
·
Publicado
2018-01-08
·
Atualizado
2018-02-01
·
CVE-2013-4364
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Red Hat OpenShift Enterprise versions 1 and 2
Description
The issue allows local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. This is related to the oo-analytics-export and oo-analytics-import components in the openshift-origin-broker-util package.
Recommendations
For Red Hat OpenShift Enterprise version 1, consider restricting access to the oo-analytics-export and oo-analytics-import components until a fix is available.
For Red Hat OpenShift Enterprise version 2, consider restricting access to the oo-analytics-export and oo-analytics-import components until a fix is available.
As a temporary workaround, consider disabling the use of temporary files in /tmp by the oo-analytics-export and oo-analytics-import components to minimize the risk of exploitation.
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Red Hat Openshift Enterprise