x/vulndb: potential Go vuln in github.com/openshift/origin: CVE-2016-2160

[tatianab]

CVE-2016-2160 references github.com/openshift/origin, which may be a Go module.

Description:
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2016-2160
• web: https://access.redhat.com/errata/RHSA-2016:1064
• fix: Drop capabilities in s2i build container by default openshift/origin#7864
• web: https://bugzilla.redhat.com/show_bug.cgi?id=1316127
• Imported by: https://pkg.go.dev/github.com/openshift/origin?tab=importedby

Cross references:

• Module github.com/openshift/origin appears in issue x/vulndb: potential Go vuln in github.com/openshift/origin: CVE-2015-3207 #505 EFFECTIVELY_PRIVATE
• Module github.com/openshift/origin appears in issue x/vulndb: potential Go vuln in github.com/openshift/origin: GHSA-m3fm-h5jp-q79p #854 NOT_IMPORTABLE
• Module github.com/openshift/origin appears in issue x/vulndb: potential Go vuln in github.com/openshift/origin: GHSA-rf3m-mhv7-x39f #875 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/openshift/origin
      vulnerable_at: 4.1.0+incompatible
      packages:
        - package: n/a
cves:
    - CVE-2016-2160
references:
    - web: https://access.redhat.com/errata/RHSA-2016:1064
    - fix: https://github.com/openshift/origin/pull/7864
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1316127

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports