OpenShift Enterprise by Red Hat is the company’s cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.

Security Fix(es):

A flaw was found in Kibana’s logging functionality. If custom logging
output was configured in Kibana, private user data could be written to the
Kibana log files. A system attacker could use this data to hijack sessions
of other users when using Kibana behind some form of authentication such as
Shield.

A cross-site scripting (XSS) flaw was found in Kibana. A remote attacker
could use this flaw to inject arbitrary web script into pages served to
other users.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | openshift-elasticsearch-plugin | < 0.16.0.redhat_1-1.el7 | openshift-elasticsearch-plugin-0.16.0.redhat_1-1.el7.noarch.rpm |
RedHat | 7 | x86_64 | kibana | < 4.1.11-1.el7 | kibana-4.1.11-1.el7.x86_64.rpm |
RedHat | 7 | x86_64 | kibana-debuginfo | < 4.1.11-1.el7 | kibana-debuginfo-4.1.11-1.el7.x86_64.rpm |
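
To check a package inventory against the builds listed in the table above, the following added example (not part of the advisory or of Red Hat's tooling) compares installed version-release strings with RPM-style segment ordering, which a plain string comparison gets wrong for cases like 4.1.9 versus 4.1.11. It assumes equal epochs and no `~` or `^` in versions; the sample inventory is constructed.

```python
import re

# Fixed builds taken from the advisory's package table (name -> version-release).
FIXED = {
    "openshift-elasticsearch-plugin": "0.16.0.redhat_1-1.el7",
    "kibana": "4.1.11-1.el7",
    "kibana-debuginfo": "4.1.11-1.el7",
}

def rpmvercmp(a, b):
    """Compare two version or release strings in RPM segment order (no ~ or ^)."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epochs are assumed equal (assumption)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def affected(installed):
    """Return packages in `installed` that are older than the advisory's build."""
    return sorted(
        name for name, evr in installed.items()
        if name in FIXED and evr_cmp(evr, FIXED[name]) < 0
    )

# Constructed inventory, e.g. from: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <pkg>
SAMPLE = {
    "kibana": "4.1.9-2.el7",            # 4.1.9 < 4.1.11 when compared numerically
    "kibana-debuginfo": "4.1.11-1.el7",  # already at the listed build
    "openshift-elasticsearch-plugin": "0.16.0.redhat_1-1.el7",
    "bash": "4.2.46-35.el7",            # not covered by this advisory
}

if __name__ == "__main__":
    for name in affected(SAMPLE):
        print(f"{name}: {SAMPLE[name]} is older than fixed build {FIXED[name]}")
```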