{
  "threat_severity" : "Critical",
  "public_date" : "2018-04-27T00:00:00Z",
  "bugzilla" : {
    "description" : "source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go",
    "id" : "1562246",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1562246"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.9",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "A flaw was found in the source-to-image function as shipped with OpenShift Enterprise 3.x. Improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.", "A flaw was found in the source-to-image function as shipped with OpenShift Enterprise 3.x. Improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation." ],
  "statement" : "The source-to-image package as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to gain access to the victim's machine but requires user interaction.",
  "acknowledgement" : "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.2",
    "release_date" : "2018-04-29T00:00:00Z",
    "advisory" : "RHSA-2018:1241",
    "cpe" : "cpe:/a:redhat:openshift:3.2::el7",
    "package" : "atomic-openshift-0:3.2.1.34-2.git.3.aad33c3.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.3",
    "release_date" : "2018-04-29T00:00:00Z",
    "advisory" : "RHSA-2018:1239",
    "cpe" : "cpe:/a:redhat:openshift:3.3::el7",
    "package" : "atomic-openshift-0:3.3.1.46.39-2.git.3.cc57f5b.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.4",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1237",
    "cpe" : "cpe:/a:redhat:openshift:3.4::el7",
    "package" : "atomic-openshift-0:3.4.1.44.53-1.git.0.d7eb028.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.4",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1237",
    "cpe" : "cpe:/a:redhat:openshift:3.4::el7",
    "package" : "openshift-ansible-0:3.4.168-1.git.0.bb73aad.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.4",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1237",
    "cpe" : "cpe:/a:redhat:openshift:3.4::el7",
    "package" : "python-ruamel-yaml-0:0.12.14-9.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.5",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1235",
    "cpe" : "cpe:/a:redhat:openshift:3.5::el7",
    "package" : "atomic-openshift-0:3.5.5.31.67-1.git.0.0a8cf24.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.5",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1235",
    "cpe" : "cpe:/a:redhat:openshift:3.5::el7",
    "package" : "openshift-ansible-0:3.5.165-1.git.0.475fa67.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "atomic-openshift-0:3.6.173.0.113-1.git.0.65fb9fb.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-cool.io-0:1.5.3-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-excon-0:0.60.0-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-faraday-0:0.13.1-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-ffi-0:1.9.23-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.1-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-fluent-plugin-systemd-0:0.0.9-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-minitest-0:5.10.3-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-msgpack-0:1.2.2-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-multi_json-0:1.13.1-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-systemd-journal-0:1.3.1-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-tzinfo-0:1.2.5-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-tzinfo-data-0:1.2018.3-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.6",
    "release_date" : "2018-04-30T00:00:00Z",
    "advisory" : "RHSA-2018:1233",
    "cpe" : "cpe:/a:redhat:openshift:3.6::el7",
    "package" : "rubygem-unf_ext-0:0.0.7.5-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.7",
    "release_date" : "2018-04-29T00:00:00Z",
    "advisory" : "RHSA-2018:1231",
    "cpe" : "cpe:/a:redhat:openshift:3.7::el7",
    "package" : "apb-0:1.0.6-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.7",
    "release_date" : "2018-04-29T00:00:00Z",
    "advisory" : "RHSA-2018:1231",
    "cpe" : "cpe:/a:redhat:openshift:3.7::el7",
    "package" : "atomic-openshift-0:3.7.44-1.git.0.6b061d4.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.7",
    "release_date" : "2018-04-29T00:00:00Z",
    "advisory" : "RHSA-2018:1231",
    "cpe" : "cpe:/a:redhat:openshift:3.7::el7",
    "package" : "rubygem-fluent-plugin-elasticsearch-0:1.14.0-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.8",
    "release_date" : "2018-04-28T00:00:00Z",
    "advisory" : "RHSA-2018:1229",
    "cpe" : "cpe:/a:redhat:openshift:3.8::el7",
    "package" : "atomic-openshift-0:3.8.37-1.git.0.e85a326.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.8",
    "release_date" : "2018-04-28T00:00:00Z",
    "advisory" : "RHSA-2018:1229",
    "cpe" : "cpe:/a:redhat:openshift:3.8::el7",
    "package" : "atomic-openshift-dockerregistry-0:3.8.37-1.git.224.8e15ecf.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.8",
    "release_date" : "2018-04-28T00:00:00Z",
    "advisory" : "RHSA-2018:1229",
    "cpe" : "cpe:/a:redhat:openshift:3.8::el7",
    "package" : "openshift-ansible-0:3.8.37-1.git.0.be319af.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.9",
    "release_date" : "2018-04-28T00:00:00Z",
    "advisory" : "RHSA-2018:1227",
    "cpe" : "cpe:/a:redhat:openshift:3.9::el7",
    "package" : "atomic-openshift-0:3.9.25-1.git.0.6bc473e.el7"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 3.1",
    "release_date" : "2018-04-29T00:00:00Z",
    "advisory" : "RHSA-2018:1243",
    "cpe" : "cpe:/a:redhat:openshift:3.1::el7",
    "package" : "atomic-openshift-0:3.1.1.11-4.git.3.12809c8.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-01-08T00:00:00Z",
    "advisory" : "RHSA-2019:0036",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "source-to-image-0:1.1.13-1.el7",
    "impact" : "important"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
    "release_date" : "2019-01-08T00:00:00Z",
    "advisory" : "RHSA-2019:0036",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "source-to-image-0:1.1.13-1.el7",
    "impact" : "important"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-01-08T00:00:00Z",
    "advisory" : "RHSA-2019:0036",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "source-to-image-0:1.1.13-1.el7",
    "impact" : "important"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-01-08T00:00:00Z",
    "advisory" : "RHSA-2019:0036",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "source-to-image-0:1.1.13-1.el7",
    "impact" : "important"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-1102", "https://nvd.nist.gov/vuln/detail/CVE-2018-1102", "https://access.redhat.com/security/vulnerabilities/3422241" ],
  "csaw" : true,
  "name" : "CVE-2018-1102",
  "mitigation" : {
    "value" : "Customers can turn off the source-to-image (S2I) build strategy to prevent access to the vulnerable function. The product documentation describes how to disable the source-to-image build strategy:\n* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally\n* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds\n* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds\n* OpenShift Enterprise 3.8 is not a production version (only for upgrades).\n* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds",
    "lang" : "en:us"
  }
}