Description
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs and use the leaked OAuthToken to log into the API Server.
Report
OAuthTokens are only valid for 1 day by default.
Mitigation
Ensure the OpenShift API Server logs are kept private.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-openshift-apiserver-rhel9 | Affected | | |
Additional information
Status:
7.1 High
CVSS3