CVE-2016-1906: Authorization bypass in Openshift

December 20, 2021

Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.

References

github.com/advisories/GHSA-m3fm-h5jp-q79p
github.com/openshift/origin/commit/d95ec085f03ecf10e8c424a4f0340ddb38891406
github.com/openshift/origin/issues/6556
github.com/openshift/origin/pull/6576
nvd.nist.gov/vuln/detail/CVE-2016-1906
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1906

Detect and mitigate CVE-2016-1906 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →