CVE-2016-8651
Last modified
CVE-2016-8651 is a vulnerability of currently unknown severity. An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.. EPSS estimates a 1.35% chance of exploitation in the next 30 days.
Description
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift | 3.0 |
| Redhat | Openshift Container Platform | 3.1 |
| Redhat | Openshift Container Platform | 3.2 |
| Redhat | Openshift Container Platform | 3.3 |
References
- http://www.securityfocus.com/bid/94935Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2016:2915Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651Issue Tracking, Third Party Advisory
- http://www.securityfocus.com/bid/94935Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2016:2915Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-8651?
How severe is CVE-2016-8651?
How do I fix CVE-2016-8651?
Are you affected by CVE-2016-8651?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST