CVE-2016-3708
CVSS V2 Medium 5.5
CVSS V3 High 7.1
Description
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
Overview
- CVE ID
- CVE-2016-3708
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2016-06-08T17:59:05
- Last Modified Date
- 2023-02-12T23:19:17
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 5.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 4.9
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 7.1
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 4.2
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2016:1094 | Vendor Advisory |
| https://access.redhat.com/security/cve/CVE-2016-3708 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1331229 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2016-3708 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3708 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:16:14 | Added to TrackCVE | |||
| 2022-12-02 09:50:04 | 2016-06-08T17:59Z | 2016-06-08T17:59:05 | CVE Published Date | updated |
| 2022-12-02 09:50:04 | 2016-06-09T11:35:21 | CVE Modified Date | updated | |
| 2022-12-02 09:50:04 | Analyzed | Vulnerability Status | updated | |
| 2023-02-02 22:06:13 | 2023-02-02T21:16:52 | CVE Modified Date | updated | |
| 2023-02-02 22:06:13 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 22:06:14 | Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. | A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it. | Description | updated |
| 2023-02-02 22:06:20 | References | updated | ||
| 2023-02-13 00:05:47 | 2023-02-12T23:19:17 | CVE Modified Date | updated | |
| 2023-02-13 00:05:47 | A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it. | Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. | Description | updated |