CVE-2016-8651

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
References
Link Resource
http://www.securityfocus.com/bid/94935 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:2915 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-01 16:29

Updated : 2024-02-28 16:48


NVD link : CVE-2016-8651

Mitre link : CVE-2016-8651

CVE.ORG link : CVE-2016-8651


JSON object : View

Products Affected

redhat

  • openshift_container_platform
  • openshift
CWE
CWE-20

Improper Input Validation