RHCOS 3 : atomic-openshift (RHSA-2016:1427)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1427 advisory. - Kubernetes: disclosure of information in multi tenant environments via watch-cache list CVE-2016-5392 Note that Nessus has not tested for...

RHEL 7 : atomic-openshift (RHSA-2016:1427)

An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2016-5392

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...

CVE-2016-5392

The CVE-2016-5392 vulnerability affects Red Hat OpenShift Enterprise 3.2 deployments where the Kubernetes API server’s watch cache allows a remote, authenticated user who knows other project names to disclose sensitive project and user information. The root cause is an input validation error in t...

CVE-2016-5392

The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their...