Search criteria
7 vulnerabilities by OpenShift
CVE-2021-4294 (GCVE-0-2021-4294)
Vulnerability from cvelistv5 – Published: 2022-12-28 16:51 – Updated: 2024-08-03 17:23
VLAI?
Summary
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
Severity ?
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.216987"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.216987"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/openshift/osin/pull/200"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSIN",
"vendor": "OpenShift",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in OpenShift OSIN ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion ClientSecretMatches/CheckClientSecret. Dank Manipulation des Arguments secret mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Patch wird als 8612686d6dda34ae9ef6b5a974e4b7accb4fea29 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T16:51:34.378Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.216987"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.216987"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/openshift/osin/pull/200"
},
{
"tags": [
"patch"
],
"url": "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-28T17:56:32.000Z",
"value": "VulDB last update"
}
],
"title": "OpenShift OSIN CheckClientSecret timing discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4294",
"datePublished": "2022-12-28T16:51:34.378Z",
"dateReserved": "2022-12-28T16:49:47.686Z",
"dateUpdated": "2024-08-03T17:23:10.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3207 (GCVE-0-2015-3207)
Vulnerability from cvelistv5 – Published: 2022-07-07 12:25 – Updated: 2024-08-06 05:39
VLAI?
Summary
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Openshift Origin |
Affected:
Openshift Origin 3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/2291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Openshift Origin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Openshift Origin 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Openshift Origin 3 the cookies being set in console have no \u0027secure\u0027, \u0027HttpOnly\u0027 attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-07T12:25:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openshift/origin/pull/2291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Openshift Origin",
"version": {
"version_data": [
{
"version_value": "Openshift Origin 3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Openshift Origin 3 the cookies being set in console have no \u0027secure\u0027, \u0027HttpOnly\u0027 attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"name": "https://github.com/openshift/origin/pull/2261",
"refsource": "MISC",
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"name": "https://github.com/openshift/origin/pull/2291",
"refsource": "MISC",
"url": "https://github.com/openshift/origin/pull/2291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3207",
"datePublished": "2022-07-07T12:25:43",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10752 (GCVE-0-2020-10752)
Vulnerability from cvelistv5 – Published: 2020-06-12 22:09 – Updated: 2024-08-04 11:14
VLAI?
Summary
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Openshift | openshift/openshift-apiserver |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/blob/master/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/server/filters/wrap.go#L39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/enhancements/pull/323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift/openshift-apiserver",
"vendor": "Openshift",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2020-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T22:09:39",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/blob/master/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/server/filters/wrap.go#L39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/enhancements/pull/323"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10752",
"datePublished": "2020-06-12T22:09:39",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0196 (GCVE-0-2013-0196)
Vulnerability from cvelistv5 – Published: 2019-12-30 21:17 – Updated: 2024-08-06 14:18
VLAI?
Summary
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
Severity ?
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenShift | OpenShift Enterprise |
Affected:
1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-0196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenShift Enterprise",
"vendor": "OpenShift",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using \u0027Basic authentication\u0027 and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-30T21:17:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-0196"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0196",
"datePublished": "2019-12-30T21:17:02",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0163 (GCVE-0-2014-0163)
Vulnerability from cvelistv5 – Published: 2019-12-11 15:33 – Updated: 2024-08-06 09:05
VLAI?
Summary
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
Severity ?
No CVSS data available.
CWE
- Multiple shell command injection flaws
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Openshift",
"vendor": "Openshift",
"versions": [
{
"status": "affected",
"version": "through 2014-04-03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Openshift has shell command injection flaws due to unsanitized data being passed into shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple shell command injection flaws",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:33:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0163"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0163",
"datePublished": "2019-12-11T15:33:33",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0023 (GCVE-0-2014-0023)
Vulnerability from cvelistv5 – Published: 2019-11-15 14:40 – Updated: 2024-08-06 08:58
VLAI?
Summary
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
Severity ?
No CVSS data available.
CWE
- install script has temporary file creation vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenShift",
"vendor": "OpenShift",
"versions": [
{
"status": "affected",
"version": "through 2014-01-21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "install script has temporary file creation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-15T14:40:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0023",
"datePublished": "2019-11-15T14:40:12",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8945 (GCVE-0-2015-8945)
Vulnerability from cvelistv5 – Published: 2016-08-05 15:00 – Updated: 2024-08-06 08:36
VLAI?
Summary
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160713 CVE Request: openshift-node is logging private RSA keys to the systemd journal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/9"
},
{
"name": "91776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91776"
},
{
"name": "[oss-security] 20160713 Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/issues/3951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-05T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160713 CVE Request: openshift-node is logging private RSA keys to the systemd journal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/9"
},
{
"name": "91776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91776"
},
{
"name": "[oss-security] 20160713 Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/issues/3951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160713 CVE Request: openshift-node is logging private RSA keys to the systemd journal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/9"
},
{
"name": "91776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91776"
},
{
"name": "[oss-security] 20160713 Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/10"
},
{
"name": "https://github.com/openshift/origin/issues/3951",
"refsource": "CONFIRM",
"url": "https://github.com/openshift/origin/issues/3951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8945",
"datePublished": "2016-08-05T15:00:00",
"dateReserved": "2016-07-13T00:00:00",
"dateUpdated": "2024-08-06T08:36:31.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}