Vulnerability in Redhat Openshift
CVE-2016-3738
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
EPSS: 0.007 (71.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Redhat Openshift — versions 3.2
- N/a — versions n/a
Weakness classification (CWE)
References
- RHSA-2016:1094 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-3738?
- CVE-2016-3738 is a high-severity vulnerability in Redhat Openshift, classified under CWE-264. CVSS score: 8.8/10. Published 2016-06-08.
- How severe is CVE-2016-3738?
- High severity. CVSS v3 base score is 8.8 out of 10.