Vulnerabilities > CVE-2016-9592 - Resource Management Errors vulnerability in Redhat Openshift 3.2.1.23/3.3.1.11/3.4

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

redhat

CWE-399

NVD

Published: 2018-04-16

Updated: 2023-11-07

Summary

openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Openshift 3.4 Redhat Openshift 3.3.1.11 Redhat Openshift 3.2.1.23	3

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592
http://www.securityfocus.com/bid/94991