PT-2018-4101 · Red Hat · Red Hat OpenShift Enterprise

Michael Scherer · Published 2018-01-08 · Updated 2018-02-01 · CVE-2013-4364

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Red Hat OpenShift Enterprise versions 1 and 2

Description

The issue allows local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. This is related to the oo-analytics-export and oo-analytics-import components in the openshift-origin-broker-util package.

Recommendations

For Red Hat OpenShift Enterprise versions 1 and 2, consider restricting access to the oo-analytics-export and oo-analytics-import components until a fix is available. As a temporary workaround, consider disabling the use of temporary files in /tmp by the oo-analytics-export and oo-analytics-import components to minimize the risk of exploitation.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2013-4364

Affected Products

Red Hat OpenShift Enterprise