All versions of docker prior to the fix are vulnerable to this flaw.
For clarity, in the "Affected Packages State" table, we only include OpenShift Container Platform (OCP) versions 3.7 and below because for these versions docker was shipped as part of the release. For all subsequent versions of OCP until 3.11, docker is installed from the RHEL Extras repository, meaning clusters will be vulnerable to the flaw unless an updated docker package has been applied.
CVSS v3 metrics
| CVSS3 Base Score | 7.5 |
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
Red Hat Security Errata
| Red Hat Enterprise Linux 7 Extras (docker) | RHSA-2019:1910 | 2019-07-29 |
Affected Packages State
| Red Hat OpenShift Container Platform 3.7 | docker | Affected |
| Red Hat OpenShift Container Platform 3.6 | docker | Affected |
| Red Hat OpenShift Container Platform 3.5 | docker | Out of support scope |
| Red Hat OpenShift Container Platform 3.4 | docker | Out of support scope |
| Red Hat JBoss Fuse 7 | docker | Under investigation |
Stopping a container prior to running "docker cp" removes the TOCTOU vulnerability.
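
One way to apply this mitigation from a script, as an added example that is not part of the original advisory: the hypothetical helper `safe_docker_cp` stops the container, confirms it is no longer running, runs `docker cp`, and then restores the previous state. The function names and argument order are assumptions; only `docker inspect`, `docker stop`, `docker cp` and `docker start` are used.

```bash
#!/bin/sh
# Added example (hypothetical helper, not from the advisory or from docker).
# Usage: safe_docker_cp CONTAINER SRC DEST
# where SRC or DEST is a CONTAINER:PATH reference, as accepted by "docker cp".

# True when $2 is a "<container>:<path>" reference to container $1.
refers_to() {
    case "$2" in
        "$1":*) return 0 ;;
        *) return 1 ;;
    esac
}

safe_docker_cp() {
    if [ "$#" -ne 3 ]; then
        echo "usage: safe_docker_cp CONTAINER SRC DEST" >&2
        return 2
    fi
    local container="$1" src="$2" dest="$3" was_running rc=0

    if ! refers_to "$container" "$src" && ! refers_to "$container" "$dest"; then
        echo "safe_docker_cp: neither SRC nor DEST refers to $container" >&2
        return 2
    fi

    was_running=$(docker inspect --format '{{.State.Running}}' "$container") || return 1

    if [ "$was_running" = "true" ]; then
        docker stop "$container" >/dev/null || return 1
        # Copy only once the container is confirmed stopped: with no process
        # running inside it, nothing can change the path between check and use.
        if [ "$(docker inspect --format '{{.State.Running}}' "$container")" != "false" ]; then
            echo "safe_docker_cp: $container is still running, not copying" >&2
            return 1
        fi
    fi

    docker cp "$src" "$dest" || rc=$?

    # Restore the previous state even if the copy failed.
    if [ "$was_running" = "true" ]; then
        docker start "$container" >/dev/null || return 1
    fi
    return "$rc"
}
```

The helper does not prevent another administrator from starting the container while the copy is in progress, so it should be run where container lifecycle operations are serialized.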