CVE-2018-1102

Summary

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.atomic-openshiftas shipped with Openshift Enterprise 3.xaffected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References