{"containers": {"cna": {"affected": [{"product": "routing", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "Routing 3.10"}]}], "datePublic": "2018-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:2013", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2013"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1070", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "routing", "version": {"version_data": [{"version_value": "Routing 3.10"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."}]}, "impact": {"cvss": [[{"vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:2013", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2013"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:47.334Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:2013", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2013"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1070", "datePublished": "2018-06-12T13:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:47.334Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DA472B6-F9D0-4F01-977E-EEAF19C292D3", "versionEndExcluding": "3.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."}, {"lang": "es", "value": "routing en versiones anteriores a la 3.10 es vulnerable a una validaci\u00f3n de entradas incorrecta de la configuraci\u00f3n de Openshift Routing que puede permitir que una partici\u00f3n entera se caiga. Un usuario malicioso puede emplear esta vulnerabilidad para provocar un ataque de denegaci\u00f3n de servicio (DoS) para otros usuarios de la partici\u00f3n del router."}], "id": "CVE-2018-1070", "lastModified": "2019-10-09T23:38:02.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-06-12T13:29:00.300", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2013"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1070"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Mark Chappell (Red Hat).", "affected_release": [{"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-0:3.9.31-1.git.0.ef9737b.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}, {"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-descheduler-0:3.9.13-1.git.267.bb59a3f.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}, {"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-dockerregistry-0:3.9.31-1.git.351.1bd46ed.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}, {"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-node-problem-detector-0:3.9.13-1.git.167.5d6b0d4.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}, {"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-web-console-0:3.9.31-1.git.246.bded6a4.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}, {"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "golang-github-prometheus-node_exporter-0:3.9.31-1.git.890.a55de06.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}, {"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "mysql-apb-role-0:1.1.11-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}, {"advisory": "RHSA-2018:2013", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "openshift-ansible-0:3.9.31-1.git.34.154617d.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-27T00:00:00Z"}], "bugzilla": {"description": "Routing: Malicous Service configuration can bring down routing for an entire shard.", "id": "1553035", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553035"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard.", "Improper input validation of the Openshift Routing configuration can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard."], "name": "CVE-2018-1070", "public_date": "2018-04-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1070\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1070"], "threat_severity": "Important", "upstream_fix": "Routing 3.10"}