CVE-2016-8631

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
redhatCNA
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
redhatopenshift
3.0
redhatopenshift
3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94110
https://access.redhat.com/errata/RHSA-2016:2696
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631
http://www.securityfocus.com/bid/94110
https://access.redhat.com/errata/RHSA-2016:2696
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631