{"containers": {"cna": {"affected": [{"product": "OpenShift Enterprise", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "3"}]}], "datePublic": "2016-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-08-02T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "94935", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94935"}, {"name": "RHSA-2016:2915", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:2915"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:41.203Z"}, "title": "CVE Program Container", "references": [{"name": "94935", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94935"}, {"name": "RHSA-2016:2915", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:2915"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-8651", "datePublished": "2018-08-01T16:00:00", "dateReserved": "2016-10-12T00:00:00", "dateUpdated": "2024-08-06T02:27:41.203Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "45690263-84D9-45A1-8C30-3ED2F0F11F47", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "93E3194E-7082-4E21-867B-FB4ECF482A07", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C10044B3-FBB1-4031-9060-D3A2915B164C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA3ADA26-2B9E-4ABA-A224-910BD75CCE00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."}, {"lang": "es", "value": "S ha encontrado un error de validaci\u00f3n de entradas en la forma en la que OpenShift 3 gestiona peticiones para im\u00e1genes. Un usuario, con una copia del manifiesto asociado con una imagen, puede extraer una imagen incluso aunque normalmente no cuente con acceso a la misma. Esto resulta en la divulgaci\u00f3n de informaci\u00f3n contenida en la imagen."}], "id": "CVE-2016-8651", "lastModified": "2024-11-21T02:59:46.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-01T16:29:00.273", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94935"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:2915"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:2915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2915", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "atomic-openshift-0:3.2.1.21-1.git.0.4250771.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-12-07T00:00:00Z"}, {"advisory": "RHSA-2016:2915", "cpe": "cpe:/a:redhat:openshift:3.3::el7", "package": "atomic-openshift-0:3.3.1.7-1.git.0.0988966.el7", "product_name": "Red Hat OpenShift Container Platform 3.3", "release_date": "2016-12-07T00:00:00Z"}, {"advisory": "RHSA-2016:2915", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "atomic-openshift-0:3.1.1.10-1.git.0.efeef8d.el7aos", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-12-07T00:00:00Z"}], "bugzilla": {"description": "3: Pulling of any image is possible with it manifest", "id": "1397987", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397987"}, "csaw": false, "cvss": {"cvss_base_score": "2.3", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.", "An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."], "name": "CVE-2016-8651", "public_date": "2016-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8651\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8651"], "threat_severity": "Low"}