The openshift-origin-broker package provides the OpenShift Broker service that manages all user logins, DNS name resolution, application states, and general orchestration of the applications.
The rubygem-openshift-origin-auth-remote-user package provides the remote user authentication plug-in.
A flaw was found in the way openshift-origin-broker handled authentication requests via the remote user authentication plug-in. A remote attacker able to submit a request to openshift-origin-broker could set the X-Remote-User header, and send the request to a passthrough trigger, resulting in a bypass of the authentication checks to gain access to any OpenShift user account on the system. (CVE-2014-0188)
All users of Red Hat OpenShift Enterprise 1.2.7 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, restart the httpd daemon for this update to take effect.
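The class of flaw described above, modeled as an added example (this is not OpenShift broker or plug-in code, and the actual patch is not shown on this page): a front end authenticates most paths and sets X-Remote-User, the backend trusts that header, and a passthrough path forwards client headers untouched unless the front end strips them. All names, paths and credentials below are constructed for illustration.

```ruby
# Illustrative model only: not OpenShift broker or plug-in code.
# All names (PASSTHROUGH_PATHS, front_end, backend_user) are hypothetical.

HEADER = "HTTP_X_REMOTE_USER" # CGI/Rack-style env key for X-Remote-User

# Constructed: paths the front end forwards without authenticating.
PASSTHROUGH_PATHS = ["/public/status"].freeze

# Constructed credential store standing in for the real authentication layer.
CREDENTIALS = { "alice" => "s3cret" }.freeze

# Front end: authenticates, then tells the backend who the user is via the header.
# strip_on_passthrough: false models the flawed behaviour, true the hardened one.
def front_end(env, strip_on_passthrough:)
  env = env.dup
  if PASSTHROUGH_PATHS.include?(env["PATH_INFO"])
    env.delete(HEADER) if strip_on_passthrough
    return env
  end
  user, password = env.delete("credentials")
  env.delete(HEADER) # never keep a client-supplied identity value
  env[HEADER] = user if user && CREDENTIALS[user] == password
  env
end

# Backend: trusts whatever identity header reaches it.
def backend_user(env)
  env[HEADER]
end

def handle(env, strip_on_passthrough:)
  backend_user(front_end(env, strip_on_passthrough: strip_on_passthrough))
end

# Constructed requests: a normal login, and a passthrough request that
# arrives with a client-supplied identity header.
LOGIN  = { "PATH_INFO" => "/account", "credentials" => ["alice", "s3cret"] }
FORGED = { "PATH_INFO" => "/public/status", HEADER => "alice" }

if __FILE__ == $PROGRAM_NAME
  puts "flawed:   #{handle(FORGED, strip_on_passthrough: false).inspect}"
  puts "hardened: #{handle(FORGED, strip_on_passthrough: true).inspect}"
  puts "login:    #{handle(LOGIN, strip_on_passthrough: true).inspect}"
end
```

The point for review of any header-based identity scheme is that every route to the backend, including unauthenticated ones, must remove the identity header before forwarding.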