Описание
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | Security | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-312
https://bugzilla.redhat.com/show_bug.cgi?id=1355733openshift-origin: Logging of private RSA keys into systemd journal
5.5 Medium
CVSS3
2.1 Low
CVSS2
Связанные уязвимости
CVSS3: 5.1
nvd
больше 9 лет назад
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
5.5 Medium
CVSS3
2.1 Low
CVSS2