CVE-2018-1069
First published: Thu Mar 08 2018(Updated: )
GlusterFS and NFS network filesystems rely on File System User ID and Group ID information in order to restrict access to file shares. However it's possible to overwrite the Openshift restrictions on container UserId and GroupdId as they are not validated before being sent over the Openshift Networking. An attacker could use the flaw to read and write any data on the network filesystem.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Openshift | =3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1346466
- https://github.com/gluster/gluster-kubernetes/blob/master/docs/design/tls-security.md
- https://docs.openshift.com/container-platform/3.7/admin_guide/managing_networking.html#admin-guide-controlling-egress-traffic
- https://docs.openshift.com/container-platform/3.7/admin_guide/managing_networking.html#enabling-static-ips-for-external-project-traffic
- https://docs.openshift.org/latest/admin_guide/managing_networking.html#admin-guide-deploying-an-egress-router-pod
- https://bugzilla.redhat.com/show_bug.cgi?id=1552987
- http://www.securityfocus.com/bid/103364
- agent/type
- agent/weakness
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-1069
- vendor/redhat
- canonical/redhat openshift
- version/redhat openshift/3.7