PT-2018-10055 · Red Hat · Openshift Routing

Jason Shepherd

Published

2018-06-12

Updated

2019-10-09

CVE-2018-1070

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Openshift Routing versions prior to 3.10

Description The issue is related to improper input validation of the Openshift Routing configuration, which can cause an entire shard to be brought down. A malicious user can exploit this to cause a Denial of Service attack for other users of the router shard.

Recommendations For versions prior to 3.10, update to version 3.10 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-1070

RHSA-2018:2013

Affected Products

Openshift Routing

PT-2018-10055 · Red Hat · Openshift Routing

CVE-2018-1070

Weakness Enumeration

Related Identifiers

Affected Products

References · 4