CVEブラウザに戻る

CVE-2018-14632

HIGH

7.7

CVSS Severity Score

EPSS Score0.1450%

EPSS Percentile40.99th

Published2018年9月6日

Last Modified2024年11月21日

Vulnerability Description

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.

Affected Platforms (CPE)

📦

Redhat

Openshift Container Platform

<= 3.7

📦

Redhat

Openshift Container Platform

= 3.9

📦

Redhat

Openshift Container Platform

= 3.10

📦

Redhat

Openshift Container Platform

= 3.11

📦

Starcounter Jack

Json Patch

All versions

References & Advisories

🔗 https://access.redhat.com/errata/RHBA-2018:2652

🔗 https://access.redhat.com/errata/RHSA-2018:2654

🔗 https://access.redhat.com/errata/RHSA-2018:2709

🔗 https://access.redhat.com/errata/RHSA-2018:2906

🔗 https://access.redhat.com/errata/RHSA-2018:2908

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632

🔗 https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e

🔗 https://access.redhat.com/errata/RHBA-2018:2652

関連する脆弱性情報

CVE-2019-38999.8

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interfac...

CVE-2019-148198.8

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service acc...

CVE-2018-108438.5

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vuln...

CVE-2021-201988.1

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of Ope...