Red Hat update for Red Hat OpenShift Container Platform
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-1002101 CVE-2017-1002102 |
| CWE-ID | CWE-200 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Red Hat OpenShift Container Platform Client/Desktop applications / Software for system administration |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU11127
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-1002101
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper security restrictions when using subpath volume mounts with any volume type. A remote attacker can gain unauthorized access to files and directories.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 3.3 - 3.7
External linkshttp://access.redhat.com/errata/RHSA-2018:0475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU11122
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-1002102
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent authenticated attacker to cause DoS condition on the target system.
The weakness exists due to improper atomic writer volume handling when using a container with secret, configMap, projected, or downwardAPI volume. An adjacent attacker can delete arbitrary files and directories and cause the service to crash.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: 3.3 - 3.7
External linkshttp://access.redhat.com/errata/RHSA-2018:0475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
