{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T06:51:21.934","vulnerabilities":[{"cve":{"id":"CVE-2018-1102","sourceIdentifier":"secalert@redhat.com","published":"2018-04-30T19:29:00.217","lastModified":"2024-11-21T03:59:11.153","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation."},{"lang":"es","value":"Se ha encontrado un error en la funciĆ³n source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validaciĆ³n incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"45690263-84D9-45A1-8C30-3ED2F0F11F47"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"F8E35FAB-695F-44DA-945D-60B47C1F200B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"F33CEF04-05FA-444C-BB14-F3E3434AF61F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"84C890EC-229B-458B-AEF7-EA03C6248A25"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*","matchCriteriaId":"E1056A33-690E-4120-821F-52B9705CB84B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*","matchCriteriaId":"4B196A82-385B-492A-8927-723CB8690CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*","matchCriteriaId":"2D9724B7-D99B-4376-B1B5-5CE5F336D767"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*","matchCriteriaId":"2C73555F-B229-4946-B27B-E0FADA31625F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*","matchCriteriaId":"A8F8362B-DA49-439F-ADA1-B5BA443F91F7"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2018:1227","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1229","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1231","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1233","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1235","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1237","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1239","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1241","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1243","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0036","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1562246","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1227","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1229","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1231","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1233","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1235","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1237","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1239","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1243","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0036","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1562246","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}}]}