Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-8631

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.

Published

2018-07-31T20:29:00.370

Last Modified

2024-11-21T02:59:43.393

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20
Type: Secondary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift	3.0	Yes
Application	redhat	openshift	3.3	Yes

References

http://www.securityfocus.com/bid/94110 Third Party Advisory, VDB Entry, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2016:2696 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631 Issue Tracking, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/94110 Third Party Advisory, VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2016:2696 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)