CVE-2018-14632
Vexday Risk Score
21 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7 · EPSS 1.9% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
06 Sep 2018: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An out-of-bounds write can occur when patching an OpenShift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service on the OpenShift master API service, which provides cluster management.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected products
Red Hat · atomic-openshift
References
https://access.redhat.com/errata/RHBA-2018:2652
https://access.redhat.com/errata/RHSA-2018:2654
https://access.redhat.com/errata/RHSA-2018:2709
https://access.redhat.com/errata/RHSA-2018:2906
https://access.redhat.com/errata/RHSA-2018:2908
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e