CVE-2018-1103 MEDIUM

CVE-2018-1103

Vendor Openshift Enterprise
Product unsanitized paths in tar.go
Weakness CWE-22 · Path traversal
Published June 12, 2018
Last update August 5, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.

Key dates

02Disclosure timeline

June 12, 2018 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE