PT-2016-5669 · Red Hat · Red Hat OpenShift Enterprise
Published: 2016-06-08 · Updated: 2023-02-12 · CVE-2016-3708
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat OpenShift Enterprise version 3.2
Description
The issue allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that contains ONBUILD commands or does not contain a tar binary, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces.
Recommendations
For Red Hat OpenShift Enterprise version 3.2, consider restricting access to the s2i build feature with builder images that contain ONBUILD commands or do not contain a tar binary, until a fix is available. As a temporary workaround, consider disabling the multi-tenant SDN feature to minimize the risk of exploitation.
Fix
Weakness Enumeration
Improper Access Control
Related Identifiers
Affected Products
Red Hat OpenShift Enterprise