OpenShift Source-To-Image Vulnerability - CVE-2018-1102

Solution In Progress - Updated -

Environment

The following Red Hat Product versions are impacted:
- OpenShift Container Platform 3.0-3.9
- OpenShift Online v3.x*
- OpenShift Dedicated v3.x*

*Red Hat has patched impacted services.

Issue

Red Hat Product Security is responding to a flaw in the source-to-image (S2I) build functionality as shipped with Red Hat OpenShift Container Platform 3. Unprivileged attackers can use this flaw to escalate privileges and gain access to the host system. This issue has been assigned CVE-2018-1102 and is rated as having a Critical impact.

Resolution

Further details about mitigation and updates can be found here:
https://access.redhat.com/security/vulnerabilities/3422241

Note: OpenShift Online and OpenShift Dedicated Clusters have already been patched.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.