Back to bug 1397987
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2016-11-23 18:13:25 UTC | CC | security-response-team | |
| Kurt Seifried | 2016-11-23 18:16:08 UTC | Blocks | 1388979 | |
| Kurt Seifried | 2016-11-23 18:17:42 UTC | Depends On | 1397989 | |
| Kurt Seifried | 2016-11-23 18:17:53 UTC | Depends On | 1397990 | |
| Kurt Seifried | 2016-11-23 18:18:05 UTC | Depends On | 1397991 | |
| Kurt Seifried | 2016-11-23 18:19:56 UTC | CC | sdodson | |
| Kurt Seifried | 2016-11-28 20:37:36 UTC | Depends On | 1388018 | |
| Kurt Seifried | 2016-12-05 16:41:30 UTC | Doc Text | An input validation flaw was found in the way OpenShift handles requests for images. A user with a copy of the manifest associated with an image can pull the image even if they do not have access to the image normally resulting of disclosure of any information contained within the image. | |
| Eric Christensen | 2016-12-06 14:36:47 UTC | Doc Text | An input validation flaw was found in the way OpenShift handles requests for images. A user with a copy of the manifest associated with an image can pull the image even if they do not have access to the image normally resulting of disclosure of any information contained within the image. | An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. |
| Kurt Seifried | 2016-12-07 17:21:40 UTC | Whiteboard | impact=low,public=no,reported=20161026,source=redhat,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-20,openshift-enterprise-3/Security=affected | impact=low,public=20161207,reported=20161026,source=redhat,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-20,openshift-enterprise-3/Security=affected |
| Kurt Seifried | 2016-12-07 17:21:46 UTC | Summary | EMBARGOED CVE-2016-8651 OpenShift Enterprise 3: Pulling of any image is possible with it manifest | CVE-2016-8651 OpenShift Enterprise 3: Pulling of any image is possible with it manifest |
| Kurt Seifried | 2016-12-07 17:21:52 UTC | Group | security, qe_staff | |
| Scott Dodson | 2016-12-14 14:35:49 UTC | Flags | needinfo?(kseifried) | |
| Kurt Seifried | 2016-12-14 17:00:21 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Flags | needinfo?(kseifried) | |||
| Last Closed | 2016-12-14 12:00:21 UTC | |||
| Product Security DevOps Team | 2019-09-29 14:00:54 UTC | Whiteboard | impact=low,public=20161207,reported=20161026,source=redhat,cvss2=2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-20,openshift-enterprise-3/Security=affected |
Back to bug 1397987