Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Kubernetes
  • Kubernetes
Redhat
  • Openshift

Configuration 1 [-]

cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat OpenShift Enterprise 3.0
openshift-0:3.0.2.0-0.git.45.423f434.el7ose cpe:/a:redhat:openshift:3.0::el7 RHSA-2016:0351 2016-03-03T00:00:00Z
Red Hat OpenShift Enterprise 3.1
atomic-openshift-0:3.1.1.6-1.git.0.b57e8bd.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
heapster-0:0.18.2-3.gitaf4752e.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
jenkins-0:1.625.3-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-align-text-0:0.1.3-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-ansi-green-0:0.1.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-ansi-wrap-0:0.1.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-anymatch-0:1.3.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-array-unique-0:0.2.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-arr-diff-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-arr-flatten-0:1.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-arrify-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-async-each-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-binary-extensions-0:1.3.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-braces-0:1.8.2-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-capture-stack-trace-0:1.0.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-chokidar-0:1.4.1-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-configstore-0:1.4.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-create-error-class-0:2.0.1-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-deep-extend-0:0.3.2-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-duplexer-0:0.1.1-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-duplexify-0:3.4.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-end-of-stream-0:1.1.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-error-ex-0:1.2.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-es6-promise-0:3.0.2-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-event-stream-0:3.3.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-expand-brackets-0:0.1.4-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-expand-range-0:1.8.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-extglob-0:0.3.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-filename-regex-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-fill-range-0:2.2.3-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-for-in-0:0.1.4-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-for-own-0:0.1.3-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-from-0:0.1.3-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-glob-base-0:0.3.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-glob-parent-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-got-0:5.2.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-graceful-fs-0:4.1.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-ini-0:1.1.0-6.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-binary-path-0:1.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-dotfile-0:1.0.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-equal-shallow-0:0.1.3-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-extendable-0:0.1.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-extglob-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-glob-0:2.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-npm-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-number-0:2.1.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-isobject-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-plain-obj-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-primitive-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-redirect-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-is-stream-0:1.0.1-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-kind-of-0:3.0.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-latest-version-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lazy-cache-0:1.0.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.assign-0:3.2.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.baseassign-0:3.2.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.basecopy-0:3.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.bindcallback-0:3.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.createassigner-0:3.1.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.defaults-0:3.1.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.getnative-0:3.9.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.isarguments-0:3.0.4-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.isarray-0:3.0.4-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.isiterateecall-0:3.0.9-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.keys-0:3.1.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lodash.restparam-0:3.6.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-lowercase-keys-0:1.0.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-map-stream-0:0.1.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-micromatch-0:2.3.5-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-mkdirp-0:0.5.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-nodemon-0:1.8.1-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-node-status-codes-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-normalize-path-0:2.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-object-assign-0:4.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-object.omit-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-optimist-0:0.4.0-5.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-osenv-0:0.1.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-os-homedir-0:1.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-os-tmpdir-0:1.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-package-json-0:2.3.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-parse-glob-0:3.0.4-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-parse-json-0:2.2.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-pause-stream-0:0.0.11-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-pinkie-0:2.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-pinkie-promise-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-prepend-http-0:1.0.1-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-preserve-0:0.2.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-ps-tree-0:1.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-randomatic-0:1.1.5-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-rc-0:1.1.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-read-all-stream-0:3.0.1-3.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-readdirp-0:2.0.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-regex-cache-0:0.4.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-registry-url-0:3.0.3-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-repeat-element-0:1.1.2-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-semver-0:5.1.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-semver-diff-0:2.1.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-slide-0:1.1.5-3.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-split-0:0.3.3-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-stream-combiner-0:0.2.1-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-string-length-0:1.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-strip-json-comments-0:1.0.2-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-success-symbol-0:0.1.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-through-0:2.3.4-4.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-timed-out-0:2.0.0-3.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-touch-0:1.0.0-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-undefsafe-0:0.0.3-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-unzip-response-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-update-notifier-0:0.6.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-url-parse-lax-0:1.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-uuid-0:2.0.1-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-write-file-atomic-0:1.1.2-2.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nodejs-xdg-basedir-0:2.0.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
nss_wrapper-0:1.0.3-1.el7 cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
openshift-ansible-0:3.0.35-1.git.0.6a386dd.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
openvswitch-0:2.4.0-1.el7 cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
origin-kibana-0:0.5.0-1.el7aos cpe:/a:redhat:openshift:3.1::el7 RHSA-2016:0070 2016-01-26T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2016:0070 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2016:0351 cve-icon cve-icon
https://github.com/openshift/origin/issues/6556 cve-icon cve-icon
https://github.com/openshift/origin/pull/6576 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2016-1906 cve-icon
https://www.cve.org/CVERecord?id=CVE-2016-1906 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-02-03T15:00:00

Updated: 2024-08-05T23:10:40.116Z

Reserved: 2016-01-14T00:00:00

Link: CVE-2016-1906

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-02-03T18:59:09.757

Modified: 2023-02-13T04:50:03.907

Link: CVE-2016-1906

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-01-06T00:00:00Z

Links: CVE-2016-1906 - Bugzilla