Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2018-10843
Vulnerability from cvelistv5
Published
2018-07-02 17:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2013 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2013 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | [UNKNOWN] | source-to-image |
Version: atomic-openshift 3.7.53 Version: atomic-openshift 3.9.31 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
},
{
"name": "RHSA-2018:2013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "source-to-image",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "atomic-openshift 3.7.53"
},
{
"status": "affected",
"version": "atomic-openshift 3.9.31"
}
]
}
],
"datePublic": "2018-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-03T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
},
{
"name": "RHSA-2018:2013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "source-to-image",
"version": {
"version_data": [
{
"version_value": "atomic-openshift 3.7.53"
},
{
"version_value": "atomic-openshift 3.9.31"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
},
{
"name": "RHSA-2018:2013",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10843",
"datePublished": "2018-07-02T17:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.7.53\", \"matchCriteriaId\": \"D87A2FB2-6062-4C74-A076-925E60500A3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"309CB6F8-F178-454C-BE97-787F78647C28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:3.9.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE62D7AF-840F-481D-8EB1-06F7D7B57E45\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.\"}, {\"lang\": \"es\", \"value\": \"El componente source-to-image de Openshift Container Platform en versiones anteriores a atomic-openshift 3.7.53 y atomic-openshift 3.9.31 es vulnerable a un escalado de privilegios que permite que el script assemble se ejecute como usuario root en un contenedor no privilegiado. Un atacante puede usar este fallo para abrir conexiones de red y posiblemente otras acciones en el host que normalmente est\\u00e1 disponible solo para un usuario root.\"}]",
"id": "CVE-2018-10843",
"lastModified": "2024-11-21T03:42:07.440",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-07-02T17:29:00.207",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2018:2013\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10843\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-02T17:29:00.207\",\"lastModified\":\"2024-11-21T03:42:07.440\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.\"},{\"lang\":\"es\",\"value\":\"El componente source-to-image de Openshift Container Platform en versiones anteriores a atomic-openshift 3.7.53 y atomic-openshift 3.9.31 es vulnerable a un escalado de privilegios que permite que el script assemble se ejecute como usuario root en un contenedor no privilegiado. Un atacante puede usar este fallo para abrir conexiones de red y posiblemente otras acciones en el host que normalmente est\u00e1 disponible solo para un usuario root.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.7.53\",\"matchCriteriaId\":\"D87A2FB2-6062-4C74-A076-925E60500A3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"309CB6F8-F178-454C-BE97-787F78647C28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.9.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE62D7AF-840F-481D-8EB1-06F7D7B57E45\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2013\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
rhsa-2018:2013
Vulnerability from csaf_redhat
Published
2018-06-27 18:01
Modified
2024-11-22 12:05
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update
Notes
Topic
Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:2014
Security Fix(es):
* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)
* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)
* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2013",
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
"url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
},
{
"category": "external",
"summary": "1466390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
},
{
"category": "external",
"summary": "1498398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
},
{
"category": "external",
"summary": "1506175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
},
{
"category": "external",
"summary": "1507429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
},
{
"category": "external",
"summary": "1512042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
},
{
"category": "external",
"summary": "1525642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
},
{
"category": "external",
"summary": "1529575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
},
{
"category": "external",
"summary": "1531096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
},
{
"category": "external",
"summary": "1534311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
},
{
"category": "external",
"summary": "1534894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
},
{
"category": "external",
"summary": "1537872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
},
{
"category": "external",
"summary": "1538215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
},
{
"category": "external",
"summary": "1539252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
},
{
"category": "external",
"summary": "1539310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
},
{
"category": "external",
"summary": "1539529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
},
{
"category": "external",
"summary": "1539757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
},
{
"category": "external",
"summary": "1540819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
},
{
"category": "external",
"summary": "1541212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
},
{
"category": "external",
"summary": "1541350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
},
{
"category": "external",
"summary": "1542387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
},
{
"category": "external",
"summary": "1542460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
},
{
"category": "external",
"summary": "1546097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
},
{
"category": "external",
"summary": "1546324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
},
{
"category": "external",
"summary": "1546936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
},
{
"category": "external",
"summary": "1548677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
},
{
"category": "external",
"summary": "1549060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
},
{
"category": "external",
"summary": "1549454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
},
{
"category": "external",
"summary": "1550193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
},
{
"category": "external",
"summary": "1550316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
},
{
"category": "external",
"summary": "1550385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
},
{
"category": "external",
"summary": "1550591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
},
{
"category": "external",
"summary": "1553012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
},
{
"category": "external",
"summary": "1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "1553294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
},
{
"category": "external",
"summary": "1554141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
},
{
"category": "external",
"summary": "1554145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
},
{
"category": "external",
"summary": "1554239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
},
{
"category": "external",
"summary": "1557040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
},
{
"category": "external",
"summary": "1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "1558183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
},
{
"category": "external",
"summary": "1558997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
},
{
"category": "external",
"summary": "1560311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
},
{
"category": "external",
"summary": "1563150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
},
{
"category": "external",
"summary": "1563673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
},
{
"category": "external",
"summary": "1566238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
},
{
"category": "external",
"summary": "1568815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
},
{
"category": "external",
"summary": "1569030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
},
{
"category": "external",
"summary": "1570065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
},
{
"category": "external",
"summary": "1570581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
},
{
"category": "external",
"summary": "1571601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
},
{
"category": "external",
"summary": "1571944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
},
{
"category": "external",
"summary": "1572786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
},
{
"category": "external",
"summary": "1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "1580538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
},
{
"category": "external",
"summary": "1583895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
},
{
"category": "external",
"summary": "1585243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
},
{
"category": "external",
"summary": "1586076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
},
{
"category": "external",
"summary": "1588009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
},
{
"category": "external",
"summary": "1588768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T12:05:42+00:00",
"generator": {
"date": "2024-11-22T12:05:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2013",
"initial_release_date": "2018-06-27T18:01:43+00:00",
"revision_history": [
{
"date": "2018-06-27T18:01:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-27T18:01:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T12:05:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
},
"product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mark Chappell"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-1070",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553035"
}
],
"notes": [
{
"category": "description",
"text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1070"
},
{
"category": "external",
"summary": "RHBZ#1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
},
{
"acknowledgments": [
{
"names": [
"David Hocky"
],
"organization": "Comcast"
}
],
"cve": "CVE-2018-1085",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1557822"
}
],
"notes": [
{
"category": "description",
"text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via \u0027/usr/bin/etcd\u0027 it\u0027s not affected by this flaw. You can check if etcd is being run from \u0027/usr//bin/etcd\u0027 using a \u0027ps\u0027 command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running \u0027docker ps\u0027 on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc registry.access.redhat.com/rhel7/etcd \"/usr/bin/etcd\" 56 minutes ago Up 56 minutes etcd_container",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1085"
},
{
"category": "external",
"summary": "RHBZ#1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
}
],
"release_date": "2018-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "workaround",
"details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n ETCD_PEER_CLIENT_CERT_AUTH=true\n ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
},
{
"acknowledgments": [
{
"names": [
"Jeremy Choi"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10843",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1579096"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10843"
},
{
"category": "external",
"summary": "RHBZ#1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
}
],
"release_date": "2018-05-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
}
]
}
RHSA-2018:2013
Vulnerability from csaf_redhat
Published
2018-06-27 18:01
Modified
2024-11-22 12:05
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update
Notes
Topic
Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:2014
Security Fix(es):
* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)
* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)
* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2013",
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
"url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
},
{
"category": "external",
"summary": "1466390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
},
{
"category": "external",
"summary": "1498398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
},
{
"category": "external",
"summary": "1506175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
},
{
"category": "external",
"summary": "1507429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
},
{
"category": "external",
"summary": "1512042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
},
{
"category": "external",
"summary": "1525642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
},
{
"category": "external",
"summary": "1529575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
},
{
"category": "external",
"summary": "1531096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
},
{
"category": "external",
"summary": "1534311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
},
{
"category": "external",
"summary": "1534894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
},
{
"category": "external",
"summary": "1537872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
},
{
"category": "external",
"summary": "1538215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
},
{
"category": "external",
"summary": "1539252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
},
{
"category": "external",
"summary": "1539310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
},
{
"category": "external",
"summary": "1539529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
},
{
"category": "external",
"summary": "1539757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
},
{
"category": "external",
"summary": "1540819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
},
{
"category": "external",
"summary": "1541212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
},
{
"category": "external",
"summary": "1541350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
},
{
"category": "external",
"summary": "1542387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
},
{
"category": "external",
"summary": "1542460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
},
{
"category": "external",
"summary": "1546097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
},
{
"category": "external",
"summary": "1546324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
},
{
"category": "external",
"summary": "1546936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
},
{
"category": "external",
"summary": "1548677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
},
{
"category": "external",
"summary": "1549060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
},
{
"category": "external",
"summary": "1549454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
},
{
"category": "external",
"summary": "1550193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
},
{
"category": "external",
"summary": "1550316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
},
{
"category": "external",
"summary": "1550385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
},
{
"category": "external",
"summary": "1550591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
},
{
"category": "external",
"summary": "1553012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
},
{
"category": "external",
"summary": "1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "1553294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
},
{
"category": "external",
"summary": "1554141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
},
{
"category": "external",
"summary": "1554145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
},
{
"category": "external",
"summary": "1554239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
},
{
"category": "external",
"summary": "1557040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
},
{
"category": "external",
"summary": "1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "1558183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
},
{
"category": "external",
"summary": "1558997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
},
{
"category": "external",
"summary": "1560311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
},
{
"category": "external",
"summary": "1563150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
},
{
"category": "external",
"summary": "1563673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
},
{
"category": "external",
"summary": "1566238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
},
{
"category": "external",
"summary": "1568815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
},
{
"category": "external",
"summary": "1569030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
},
{
"category": "external",
"summary": "1570065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
},
{
"category": "external",
"summary": "1570581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
},
{
"category": "external",
"summary": "1571601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
},
{
"category": "external",
"summary": "1571944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
},
{
"category": "external",
"summary": "1572786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
},
{
"category": "external",
"summary": "1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "1580538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
},
{
"category": "external",
"summary": "1583895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
},
{
"category": "external",
"summary": "1585243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
},
{
"category": "external",
"summary": "1586076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
},
{
"category": "external",
"summary": "1588009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
},
{
"category": "external",
"summary": "1588768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T12:05:42+00:00",
"generator": {
"date": "2024-11-22T12:05:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2013",
"initial_release_date": "2018-06-27T18:01:43+00:00",
"revision_history": [
{
"date": "2018-06-27T18:01:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-27T18:01:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T12:05:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
},
"product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mark Chappell"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-1070",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553035"
}
],
"notes": [
{
"category": "description",
"text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1070"
},
{
"category": "external",
"summary": "RHBZ#1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
},
{
"acknowledgments": [
{
"names": [
"David Hocky"
],
"organization": "Comcast"
}
],
"cve": "CVE-2018-1085",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1557822"
}
],
"notes": [
{
"category": "description",
"text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via \u0027/usr/bin/etcd\u0027 it\u0027s not affected by this flaw. You can check if etcd is being run from \u0027/usr//bin/etcd\u0027 using a \u0027ps\u0027 command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running \u0027docker ps\u0027 on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc registry.access.redhat.com/rhel7/etcd \"/usr/bin/etcd\" 56 minutes ago Up 56 minutes etcd_container",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1085"
},
{
"category": "external",
"summary": "RHBZ#1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
}
],
"release_date": "2018-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "workaround",
"details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n ETCD_PEER_CLIENT_CERT_AUTH=true\n ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
},
{
"acknowledgments": [
{
"names": [
"Jeremy Choi"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10843",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1579096"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10843"
},
{
"category": "external",
"summary": "RHBZ#1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
}
],
"release_date": "2018-05-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
}
]
}
rhsa-2018_2013
Vulnerability from csaf_redhat
Published
2018-06-27 18:01
Modified
2024-11-22 12:05
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update
Notes
Topic
Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2018:2014
Security Fix(es):
* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)
* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)
* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html
All OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.9.31 is now available with updates to packages and images that address security issues, fix several bugs, and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is the company\u0027s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2018:2014\n\nSecurity Fix(es):\n\n* routing: Malicious Service configuration can bring down routing for an entire shard (CVE-2018-1070)\n\n* openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication (CVE-2018-1085)\n\n* source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (CVE-2018-10843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Hocky (Comcast) for reporting CVE-2018-1085. The CVE-2018-1070 issue was discovered by Mark Chappell (Red Hat) and the CVE-2018-10843 issue was discovered by Jeremy Choi (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nAll OpenShift Container Platform 3.9 users are advised to upgrade to these updated packages and images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2013",
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html",
"url": "https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html"
},
{
"category": "external",
"summary": "1466390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466390"
},
{
"category": "external",
"summary": "1498398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498398"
},
{
"category": "external",
"summary": "1506175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506175"
},
{
"category": "external",
"summary": "1507429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507429"
},
{
"category": "external",
"summary": "1512042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512042"
},
{
"category": "external",
"summary": "1525642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525642"
},
{
"category": "external",
"summary": "1529575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529575"
},
{
"category": "external",
"summary": "1531096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531096"
},
{
"category": "external",
"summary": "1534311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534311"
},
{
"category": "external",
"summary": "1534894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534894"
},
{
"category": "external",
"summary": "1537872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537872"
},
{
"category": "external",
"summary": "1538215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538215"
},
{
"category": "external",
"summary": "1539252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539252"
},
{
"category": "external",
"summary": "1539310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539310"
},
{
"category": "external",
"summary": "1539529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539529"
},
{
"category": "external",
"summary": "1539757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539757"
},
{
"category": "external",
"summary": "1540819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540819"
},
{
"category": "external",
"summary": "1541212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541212"
},
{
"category": "external",
"summary": "1541350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541350"
},
{
"category": "external",
"summary": "1542387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542387"
},
{
"category": "external",
"summary": "1542460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542460"
},
{
"category": "external",
"summary": "1546097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546097"
},
{
"category": "external",
"summary": "1546324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546324"
},
{
"category": "external",
"summary": "1546936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546936"
},
{
"category": "external",
"summary": "1548677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548677"
},
{
"category": "external",
"summary": "1549060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549060"
},
{
"category": "external",
"summary": "1549454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549454"
},
{
"category": "external",
"summary": "1550193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550193"
},
{
"category": "external",
"summary": "1550316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550316"
},
{
"category": "external",
"summary": "1550385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550385"
},
{
"category": "external",
"summary": "1550591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550591"
},
{
"category": "external",
"summary": "1553012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553012"
},
{
"category": "external",
"summary": "1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "1553294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553294"
},
{
"category": "external",
"summary": "1554141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554141"
},
{
"category": "external",
"summary": "1554145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554145"
},
{
"category": "external",
"summary": "1554239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554239"
},
{
"category": "external",
"summary": "1557040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557040"
},
{
"category": "external",
"summary": "1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "1558183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558183"
},
{
"category": "external",
"summary": "1558997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558997"
},
{
"category": "external",
"summary": "1560311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560311"
},
{
"category": "external",
"summary": "1563150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563150"
},
{
"category": "external",
"summary": "1563673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563673"
},
{
"category": "external",
"summary": "1566238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566238"
},
{
"category": "external",
"summary": "1568815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568815"
},
{
"category": "external",
"summary": "1569030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569030"
},
{
"category": "external",
"summary": "1570065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570065"
},
{
"category": "external",
"summary": "1570581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570581"
},
{
"category": "external",
"summary": "1571601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571601"
},
{
"category": "external",
"summary": "1571944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571944"
},
{
"category": "external",
"summary": "1572786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572786"
},
{
"category": "external",
"summary": "1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "1580538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580538"
},
{
"category": "external",
"summary": "1583895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583895"
},
{
"category": "external",
"summary": "1585243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585243"
},
{
"category": "external",
"summary": "1586076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586076"
},
{
"category": "external",
"summary": "1588009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588009"
},
{
"category": "external",
"summary": "1588768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588768"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2013.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T12:05:42+00:00",
"generator": {
"date": "2024-11-22T12:05:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2013",
"initial_release_date": "2018-06-27T18:01:43+00:00",
"revision_history": [
{
"date": "2018-06-27T18:01:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-06-27T18:01:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T12:05:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.9",
"product": {
"name": "Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.31-1.git.0.ef9737b.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_id": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.31-1.git.890.a55de06.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.31-1.git.351.1bd46ed.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_id": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.31-1.git.246.bded6a4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_id": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.9.31-1.git.0.ef9737b.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_id": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-1.git.167.5d6b0d4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_id": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-1.git.267.bb59a3f.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.31-1.git.890.a55de06.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.31-1.git.0.ef9737b.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-utils@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.9.31-1.git.34.154617d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_id": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mysql-apb-role@1.1.11-1.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64"
},
"product_reference": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mysql-apb-role-0:1.1.11-1.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src"
},
"product_reference": "mysql-apb-role-0:1.1.11-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src"
},
"product_reference": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9",
"product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
},
"product_reference": "prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mark Chappell"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-1070",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553035"
}
],
"notes": [
{
"category": "description",
"text": "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Routing: Malicous Service configuration can bring down routing for an entire shard.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1070"
},
{
"category": "external",
"summary": "RHBZ#1553035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1070",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1070"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1070"
}
],
"release_date": "2018-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Routing: Malicous Service configuration can bring down routing for an entire shard."
},
{
"acknowledgments": [
{
"names": [
"David Hocky"
],
"organization": "Comcast"
}
],
"cve": "CVE-2018-1085",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1557822"
}
],
"notes": [
{
"category": "description",
"text": "OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects Openshift Container Platform (OCP) only if you use the container installation method. The container installation method is tech preview in 3.7.1. This issue affected all users who did a containerized etcd in OCP versions 3.7.1-3.6.\n\nIf etcd is installed via RPM and run via \u0027/usr/bin/etcd\u0027 it\u0027s not affected by this flaw. You can check if etcd is being run from \u0027/usr//bin/etcd\u0027 using a \u0027ps\u0027 command such as this on the master nodes. If Installed via RPM you should get output similar to:\n\nps -ef | grep etcd\n$/usr/bin/etcd --name=master-0.example.com --data-dir=/var/lib/etcd/ --listen-client-urls=https://10.0.1.1:2379\n\nIf etcd is installed via the container method running \u0027docker ps\u0027 on the master will show a container running the registry.access.redhat.com/rhel7/etcd image, eg:\n\nsudo docker ps --filter name=etcd_container\n$704effa9b0cc registry.access.redhat.com/rhel7/etcd \"/usr/bin/etcd\" 56 minutes ago Up 56 minutes etcd_container",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1085"
},
{
"category": "external",
"summary": "RHBZ#1557822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1085",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
}
],
"release_date": "2018-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"category": "workaround",
"details": "On master nodes where etcd has been installed using the container method:\n\n0. Verify you can connect to etcd without providing TLS authentication credentials. On any master node, check the ETCD_LISTEN_CLIENT_URLS in /etc/etcd/etcd.conf, and use one of the client urls to connect without providing a certificate, eg:\n curl -4 curl https://10.0.1.1:2379/version -k\n\n0a. If vulnerable output will show something like this:\n {\"etcdserver\":\"3.2.15\",\"etcdcluster\":\"3.2.0\"}\n\n0b. If not affected the connection will fail with:\n curl: (58) NSS: client certificate not found (nickname not specified)\n\n1. update /etc/etcd/etcd.conf on the master nodes to remove quotes from these fields:\n ETCD_PEER_CLIENT_CERT_AUTH=\"true\"\n ETCD_CLIENT_CERT_AUTH=\"true\"\neg.\n ETCD_PEER_CLIENT_CERT_AUTH=true\n ETCD_CLIENT_CERT_AUTH=true\n\n2. Restart the etcd container service:\n sudo systemctl restart etcd_container\n\n3. Test if client authentication is now required using the steps from 0. above.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openshift-ansible: Incorrectly quoted values in etcd.conf causes disabling of SSL client certificate authentication"
},
{
"acknowledgments": [
{
"names": [
"Jeremy Choi"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-10843",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1579096"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10843"
},
{
"category": "external",
"summary": "RHBZ#1579096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
}
],
"release_date": "2018-05-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-06-27T18:01:43+00:00",
"details": "For OpenShift Container Platform 3.9 see the following documentation, which will be updated shortly for release 3.9.31, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.",
"product_ids": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.31-1.git.0.ef9737b.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.31-1.git.0.ef9737b.el7.x86_64",
"7Server-RH7-RHOSE-3.9:atomic-openshift-utils-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.src",
"7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7.x86_64",
"7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7.src",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.noarch",
"7Server-RH7-RHOSE-3.9:mysql-apb-role-0:1.1.11-1.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-0:3.9.31-1.git.34.154617d.el7.src",
"7Server-RH7-RHOSE-3.9:openshift-ansible-docs-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-playbooks-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:openshift-ansible-roles-0:3.9.31-1.git.34.154617d.el7.noarch",
"7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.31-1.git.890.a55de06.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code"
}
]
}
gsd-2018-10843
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10843",
"description": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
"id": "GSD-2018-10843",
"references": [
"https://access.redhat.com/errata/RHSA-2018:2013"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10843"
],
"details": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
"id": "GSD-2018-10843",
"modified": "2023-12-13T01:22:41.374756Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "source-to-image",
"version": {
"version_data": [
{
"version_value": "atomic-openshift 3.7.53"
},
{
"version_value": "atomic-openshift 3.9.31"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
},
{
"name": "RHSA-2018:2013",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.53",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.9.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10843"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
},
{
"name": "RHSA-2018:2013",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:33Z",
"publishedDate": "2018-07-02T17:29Z"
}
}
}
cve-2018-10843
Vulnerability from fkie_nvd
Published
2018-07-02 17:29
Modified
2024-11-21 03:42
Severity ?
8.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2013 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2013 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift_container_platform | * | |
| redhat | openshift_container_platform | 3.9 | |
| redhat | openshift_container_platform | 3.9.31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87A2FB2-6062-4C74-A076-925E60500A3D",
"versionEndExcluding": "3.7.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "309CB6F8-F178-454C-BE97-787F78647C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9.31:*:*:*:*:*:*:*",
"matchCriteriaId": "AE62D7AF-840F-481D-8EB1-06F7D7B57E45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user."
},
{
"lang": "es",
"value": "El componente source-to-image de Openshift Container Platform en versiones anteriores a atomic-openshift 3.7.53 y atomic-openshift 3.9.31 es vulnerable a un escalado de privilegios que permite que el script assemble se ejecute como usuario root en un contenedor no privilegiado. Un atacante puede usar este fallo para abrir conexiones de red y posiblemente otras acciones en el host que normalmente est\u00e1 disponible solo para un usuario root."
}
],
"id": "CVE-2018-10843",
"lastModified": "2024-11-21T03:42:07.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-02T17:29:00.207",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-h5q5-9vcx-54g7
Vulnerability from github
Published
2022-05-13 01:34
Modified
2022-05-13 01:34
Severity ?
Details
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
{
"affected": [],
"aliases": [
"CVE-2018-10843"
],
"database_specific": {
"cwe_ids": [
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-02T17:29:00Z",
"severity": "HIGH"
},
"details": "source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.",
"id": "GHSA-h5q5-9vcx-54g7",
"modified": "2022-05-13T01:34:58Z",
"published": "2022-05-13T01:34:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10843"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2013"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.