CVE-2018-1102

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 03:59

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2018:1227 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1227 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1229 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1229 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1231 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1231 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1233 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1233 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1235 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1235 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1237 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1237 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1239 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1239 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1241 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1241 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2018:1243 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2018:1243 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2019:0036 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2019:0036 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1562246 - Issue Tracking, Patch, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1562246 - Issue Tracking, Patch, Vendor Advisory

Information

Published : 2018-04-30 19:29

Updated : 2024-11-21 03:59


NVD link : CVE-2018-1102

Mitre link : CVE-2018-1102

CVE.ORG link : CVE-2018-1102


JSON object : View

Products Affected

redhat

  • openshift
CWE
CWE-20

Improper Input Validation

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')