cnvd - cnvd-2016-12772

cnvd-2016-12772

Vulnerability from cnvd

Title

Red Hat OpenShift Enterprise信息泄露漏洞

Description

Red Hat OpenShift是美国红帽（Red Hat）公司的一款平台即服务（PaaS）云计算平台，它可构建、测试、部署和运行应用程序。OpenShift Enterprise是一个开源的私有云版本。 Red Hat OpenShift Enterprise中存在信息泄露漏洞。允许攻击者获取可能有助于进一步攻击的敏感信息。

Severity

中

Patch Name

Red Hat OpenShift Enterprise信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://bugzilla.redhat.com/show_bug.cgi?id=1397987

Reference

http://www.securityfocus.com/bid/94935

Impacted products

Name
Red Hat OpenShift Enterprise 3.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94935"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8651"
    }
  },
  "description": "Red Hat OpenShift\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u53ef\u6784\u5efa\u3001\u6d4b\u8bd5\u3001\u90e8\u7f72\u548c\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\u3002OpenShift Enterprise\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u79c1\u6709\u4e91\u7248\u672c\u3002\r\n\r\nRed Hat OpenShift Enterprise\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u83b7\u53d6\u53ef\u80fd\u6709\u52a9\u4e8e\u8fdb\u4e00\u6b65\u653b\u51fb\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Red Hat",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1397987",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12772",
  "openTime": "2016-12-22",
  "patchDescription": "Red Hat OpenShift\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u53ef\u6784\u5efa\u3001\u6d4b\u8bd5\u3001\u90e8\u7f72\u548c\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\u3002OpenShift Enterprise\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u79c1\u6709\u4e91\u7248\u672c\u3002\r\n\r\nRed Hat OpenShift Enterprise\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u83b7\u53d6\u53ef\u80fd\u6709\u52a9\u4e8e\u8fdb\u4e00\u6b65\u653b\u51fb\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat OpenShift Enterprise\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat OpenShift Enterprise 3.0"
  },
  "referenceLink": "http://www.securityfocus.com/bid/94935",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-16",
  "title": "Red Hat OpenShift Enterprise\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2016-8651 (GCVE-0-2016-8651)

Vulnerability from cvelistv5

Published

2018-08-01 16:00

Modified

2024-08-06 02:27

Severity ?

3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-20

Summary

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.

References

URL

Tags

	http://www.securityfocus.com/bid/94935	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2016:2915	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651	x_refsource_CONFIRM