Description
OpenShift Enterprise source-to-image before version 1.1.10 is vulnerable to improper validation of user input. An attacker who could trick a user into using the command to copy files locally from a pod could overwrite files outside of the command's target directory.
References (1)
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1103
Scores
CVSS v3
6.1
EPSS
0.0134
EPSS Percentile
67.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Details
CWE
CWE-20
CWE-22
Status
published
Products (2)
openshift/source-to-image
0 - 1.1.10-0.20180427153919-f5cbcbc5cc6f (Go)
redhat/source-to-image
< 1.1.10
Published
Jun 12, 2018
Tracked Since
Feb 18, 2026