CVE-2018-1103

MEDIUM

OpenShift Enterprise <1.1.10 - Code Injection

Title source: llm

Description

OpenShift Enterprise source-to-image before version 1.1.10 is vulnerable to improper validation of user input. An attacker who could trick a user into using the command to copy files locally from a pod could overwrite files outside of the target directory of the command.

Scores

CVSS v3 6.1
EPSS 0.0134
EPSS Percentile 67.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

Details

CWE
CWE-20 CWE-22
Status published
Products (2)
openshift/source-to-image 0 - 1.1.10-0.20180427153919-f5cbcbc5cc6f (Go)
redhat/source-to-image < 1.1.10
Published Jun 12, 2018
Tracked Since Feb 18, 2026