CVE-2014-3496

Affected configuration(s):

cpe:/a:redhat:openshift:1.2.8::~~enterprise~~~
cpe:/a:redhat:openshift:2.0::enterprise
cpe:/a:redhat:openshift:2.0.1::enterprise
cpe:/a:redhat:openshift:2.0.2::enterprise
cpe:/a:redhat:openshift:2.0.3::enterprise
cpe:/a:redhat:openshift:2.0.4::enterprise
cpe:/a:redhat:openshift:2.0.5::enterprise
cpe:/a:redhat:openshift:2.0.6::~~enterprise~~~
cpe:/a:redhat:openshift:2.1::~~enterprise~~~
cpe:/a:redhat:openshift:2.1.1::~~enterprise~~~
cpe:/a:redhat:openshift_origin:1.2.8
cpe:/a:redhat:openshift_origin:2.1
cpe:/a:redhat:openshift_origin:2.1.1

Date published: 2014-06-20T10:55:07.030-04:00

Date last modified: 2017-01-06T22:00:01.863-05:00

CVSS Score: 10.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://rhn.redhat.com/errata/RHSA-2014-0762.html

Summary: cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
