Description
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
CVSS breakdown
CVSS 3.0
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Affected products
- Red Hat / atomic-openshift3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1 – 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1