{"id":"CVE-2018-1102","details":"A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.","modified":"2026-07-08T05:50:45.806653365Z","published":"2018-04-30T19:29:00.217Z","database_specific":{"unresolved_ranges":[{"vendor_product":"redhat:openshift","extracted_events":[{"introduced":"3.0"},{"last_affected":"3.0"},{"introduced":"3.1"},{"last_affected":"3.1"},{"introduced":"3.2"},{"last_affected":"3.2"},{"introduced":"3.3"},{"last_affected":"3.3"},{"introduced":"3.4"},{"last_affected":"3.4"},{"introduced":"3.5"},{"last_affected":"3.5"}],"cpes":["cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*"],"source":"CPE_STRING"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1227"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1229"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1231"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1233"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1235"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1237"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1239"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1241"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1243"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0036"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1562246"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openshift/origin","events":[{"introduced":"c4dd4cf368b6204571faacde702e624b930a5214"},{"last_affected":"191fece9305a76f262baacc9de72c2c8cb4d5601"}],"database_specific":{"extracted_events":[{"introduced":"3.6"},{"last_affected":"3.6"},{"introduced":"3.7"},{"last_affected":"3.7"},{"introduced":"3.8"},{"last_affected":"3.8"},{"introduced":"3.9"},{"last_affected":"3.9"}],"cpe":["cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*","cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*"],"source":"CPE_STRING"}}],"versions":["3.6","3.7","3.8","3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1102.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}