Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-0529.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2014-0530.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1096955 | Exploit |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:37
Type | Values Removed | Values Added |
---|---|---|
Summary | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | |
References |
|
02 Feb 2023, 20:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2014-0233 OpenShift: downloadable cartridge source url file command execution as root |
Information
Published : 2014-11-16 11:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-0233
Mitre link : CVE-2014-0233
CVE.ORG link : CVE-2014-0233
JSON object : View
Products Affected
redhat
- openshift
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')