CVE-2018-1102
high-risk
Published 2018-04-30
A flaw was found in the source-to-image function as shipped with OpenShift Enterprise 3.x. Improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Do I need to act?
1.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 · High
NETWORK / LOW complexity
Affected Products (10)
Affected Vendors
References (22)
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1227
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1229
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1231
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1233
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1235
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1237
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1239
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1241
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1243
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:0036
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1562246
and 2 more references
50 / 100 · high-risk
Severity: 30/34 · Critical
Exploitability: 4/34 · Minimal
Exposure: 16/34 · Moderate