CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence: Low

EPSS

Percentile: 85.1%

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | openshift | 1.2.8 | cpe:2.3:a:redhat:openshift:1.2.8:*:*:*:enterprise:*:*:* |
redhat | openshift | 2.0 | cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:* |
redhat | openshift | 2.0.1 | cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:* |
redhat | openshift | 2.0.2 | cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:* |
redhat | openshift | 2.0.3 | cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:* |
redhat | openshift | 2.0.4 | cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:* |
redhat | openshift | 2.0.5 | cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:* |
redhat | openshift | 2.0.6 | cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:* |
redhat | openshift | 2.1 | cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:* |
redhat | openshift | 2.1.1 | cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:* |