CVE-2015-5222

Severity CVSS v4.0:

Pending analysis

Type:

CWE-264 Permissions, Privileges, and Access Control

Publication date:

24/08/2015

Last modified:

12/04/2025

Description

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.

Impact

Vector 2.0

AV:N/AC:M/Au:S/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 8.50 HIGH
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete