CVE-2018-1103
6.1
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Summary
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Openshift Enterprise | unsanitized paths in tar.go | source-to-image 1.1.10 | affected |
Weaknesses
- CWE-22: CWE-22
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.