CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7517

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.6%

CVSS Severity

CVSS v3 Score 3.5

References

https://access.redhat.com/security/cve/CVE-2017-7517
https://bugzilla.redhat.com/show_bug.cgi?id=1470414
https://access.redhat.com/security/cve/CVE-2017-7517
https://bugzilla.redhat.com/show_bug.cgi?id=1470414

Products affected by CVE-2017-7517

Redhat » Openshift » Version: 3.0

cpe:2.3:a:redhat:openshift:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7517

Products

Pricing

Contact Us