{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-08T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2016:1094", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1094"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:03:34.544Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2016:1094", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1094"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-3708", "datePublished": "2016-06-08T17:00:00", "dateReserved": "2016-03-30T00:00:00", "dateUpdated": "2024-08-06T00:03:34.544Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F33CEF04-05FA-444C-BB14-F3E3434AF61F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary."}, {"lang": "es", "value": "Red Hat OpenShift Enterprise 3.2, cuando multi-tenant SDN est\u00e1 habilitado y un build est\u00e1 ejecutado en un espacio de nombres que normalmente estar\u00eda aislado de pods en otros espacios de nombres, permite a usuarios remotos autenticados acceder a recursos de red en pods restringidos a trav\u00e9s de un build s2i con una imagen builder que (1) contiene comandos ONBUILD o (2) no contiene un binario tar."}], "id": "CVE-2016-3708", "lastModified": "2023-02-12T23:19:17.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-08T17:59:05.750", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1094"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Ben Parees (Red Hat).", "affected_release": [{"advisory": "RHSA-2016:1094", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "atomic-openshift-0:3.2.0.44-1.git.0.a4463d9.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-05-19T00:00:00Z"}, {"advisory": "RHSA-2016:1094", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-node-uuid-0:1.4.7-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-05-19T00:00:00Z"}], "bugzilla": {"description": "3: s2i builds implicitly perform docker builds", "id": "1331229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331229"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-284", "details": ["Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.", "A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it."], "name": "CVE-2016-3708", "public_date": "2016-04-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-3708\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3708"], "threat_severity": "Moderate"}