CVE-2016-8651

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
References
Link Resource
http://www.securityfocus.com/bid/94935 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:2915 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 Issue Tracking Third Party Advisory
http://www.securityfocus.com/bid/94935 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:2915 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:59

Type Values Removed Values Added
CVSS v2 : 2.7
v3 : 3.5
v2 : 2.7
v3 : 3.1
References () http://www.securityfocus.com/bid/94935 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/94935 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2016:2915 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2016:2915 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 - Issue Tracking, Third Party Advisory

Information

Published : 2018-08-01 16:29

Updated : 2024-11-21 02:59


NVD link : CVE-2016-8651

Mitre link : CVE-2016-8651

CVE.ORG link : CVE-2016-8651


JSON object : View

Products Affected

redhat

  • openshift
  • openshift_container_platform
CWE
CWE-20

Improper Input Validation