Описание
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further targeted attacks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Enterprise 1 | Security | Will not fix | ||
| Red Hat OpenShift Enterprise 2.1 | openshift-enterprise-upgrade | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-broker | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-broker-util | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-cartridge-jbosseap | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-cartridge-jbossews | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-msg-node-mcollective | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | openshift-origin-node-util | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | rubygem-openshift-origin-controller | Fixed | RHSA-2014:1906 | 25.11.2014 |
| Red Hat OpenShift Enterprise 2.1 | rubygem-openshift-origin-frontend-apachedb | Fixed | RHSA-2014:1906 | 25.11.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
EPSS
4 Medium
CVSS2