CVE-2017-7517

CVE-2017-7517

Vendor N/A

Product Hawkular Metrics

Weakness CWE-20 · Input validation

Published October 17, 2022

Last update May 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.

Key dates

02Disclosure timeline

October 17, 2022 CVE published

May 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-7517 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE