CVE-2016-8631

EUVD-2016-9474
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
redhatCNA
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
redhatopenshift
3.0
redhatopenshift
3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94110
https://access.redhat.com/errata/RHSA-2016:2696
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631
http://www.securityfocus.com/bid/94110
https://access.redhat.com/errata/RHSA-2016:2696
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631