Bug 1390735 (CVE-2016-8631)
Summary: | CVE-2016-8631 OSE 3: Router sometimes selects new routes over old routes when determining claimed hostnames | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bleanhar, ccoleman, dedgar, dmcphers, jgoulding, jialiu, jkeck, joelsmith, jokerman, kseifried, lmeyer, mmccomas, tdawson |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-16 01:05:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1387428 | ||
Bug Blocks: | 1388808 |
Description
Kurt Seifried
2016-11-01 18:53:47 UTC
Acknowledgments: Name: Jordan Liggitt (Red Hat) This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.3 Via RHSA-2016:2696 https://access.redhat.com/errata/RHSA-2016:2696 |