A flaw was found in the source-to-image (S2I) function as shipped with OpenShift Enterprise 3.x. Improper path validation of tar file entries in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Find out more about CVE-2018-1102 from the MITRE CVE dictionary and NIST NVD.
Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to gain access to the victim's machine, but it requires user interaction.
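The flaw is an extractor that trusts the path of each tar entry. As an added example (not code from the s2i project), the Go check below shows the validation a safe extractor applies to every entry name and symlink target before writing anything under the destination; the function names `safeJoin` and `scanTar`, the destination `/tmp/out` and the entry names are assumptions constructed for the example.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// safeJoin resolves a tar entry name under dest and rejects any name whose
// cleaned form (after collapsing "..") lands outside dest.
func safeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name) // Join also drops a leading "/"
	if target != dest && !strings.HasPrefix(target, dest+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %s", name, dest)
	}
	return target, nil
}

// scanTar returns the validated destination path of every entry, or an error
// at the first entry, or symlink target, that would escape dest. Absolute
// symlink targets are refused outright because Join would otherwise mask them.
func scanTar(r io.Reader, dest string) ([]string, error) {
	tr, paths := tar.NewReader(r), []string{}
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		target, err := safeJoin(dest, hdr.Name)
		if err != nil {
			return nil, err
		}
		if hdr.Typeflag == tar.TypeSymlink {
			rel := filepath.Join(filepath.Dir(hdr.Name), hdr.Linkname) // target as seen from dest
			if _, err := safeJoin(dest, rel); err != nil || filepath.IsAbs(hdr.Linkname) {
				return nil, fmt.Errorf("symlink %q -> %q escapes %s", hdr.Name, hdr.Linkname, dest)
			}
		}
		paths = append(paths, target)
	}
	return paths, nil
}

func main() {
	_, err := safeJoin("/tmp/out", "../../escaped.txt") // constructed hostile entry name
	fmt.Println(err)                                     // entry "../../escaped.txt" escapes /tmp/out
}
```

This validates header paths only; an extractor that writes entries in archive order must also ensure a later entry cannot be written through a symlink created by an earlier one.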
Metric | Value |
---|---|
CVSS3 Base Score | 9.9 |
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Changed |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Red Hat OpenShift Container Platform 3.5 (atomic-openshift) | RHSA-2018:1235 | 2018-04-30 |
Red Hat OpenShift Container Platform 3.4 (atomic-openshift) | RHSA-2018:1237 | 2018-04-30 |
Red Hat OpenShift Container Platform 3.6 (atomic-openshift) | RHSA-2018:1233 | 2018-04-30 |
Red Hat OpenShift Container Platform 3.2 (atomic-openshift) | RHSA-2018:1241 | 2018-04-29 |
Red Hat OpenShift Enterprise 3.1 (atomic-openshift) | RHSA-2018:1243 | 2018-04-29 |
Red Hat OpenShift Container Platform 3.8 (atomic-openshift) | RHSA-2018:1229 | 2018-04-28 |
Red Hat Software Collections for Red Hat Enterprise Linux 7 (source-to-image) | RHSA-2019:0036 | 2019-01-08 |
Red Hat OpenShift Container Platform 3.9 (atomic-openshift) | RHSA-2018:1227 | 2018-04-28 |
Red Hat OpenShift Container Platform 3.3 (atomic-openshift) | RHSA-2018:1239 | 2018-04-29 |
Red Hat OpenShift Container Platform 3.7 (atomic-openshift) | RHSA-2018:1231 | 2018-04-29 |
Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.
* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds
* OpenShift Enterprise 3.8 is not a production version (only for upgrades).
* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds