{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-08T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:01.911Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4364", "datePublished": "2018-01-08T19:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.911Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "19D8D9FF-51A8-4A81-B855-DB480ABEA300", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "884F5BE8-59F5-4502-9765-F3A3E505570F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp."}, {"lang": "es", "value": "(1) oo-analytics-export y (2) oo-analytics-import en el paquete openshift-origin-broker-util en Red Hat OpenShift Enterprise 1 y 2 permiten que los usuarios locales provoquen un impacto sin especificar mediante un ataque symlink en un archivo no especificado en /tmp."}], "id": "CVE-2013-4364", "lastModified": "2018-02-01T18:38:52.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-08T19:29:00.190", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "OpenShift: openshift-origin-broker-util incorrect temporary file usage", "id": "1009734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-377", "details": ["(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp."], "name": "CVE-2013-4364", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "openshift-origin-broker-util", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "openshift-origin-broker-util", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2014-07-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4364\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4364"], "statement": "On OpenShift Enterprise 2.1 the broker and node should be installed on separate systems, as such there should not be any local untrusted users on the broker system(s). This issue is not currently planned to be addressed in future updates. For additional information, refer to\nthe Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}