CVE-2018-1103

Summary

Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.

Affected Software

VendorProductVersion RangeStatus
Openshift Enterpriseunsanitized paths in tar.gosource-to-image 1.1.10affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References