6723 matches found
A vulnerability in the software for managing clusters of virtual machines in Kubernetes and the OpenShift cloud platform allows an attacker to read arbitrary logs.
The vulnerability in the Kubernetes cluster management software and the OpenShift cloud platform is related to a lack of protection for service data. Exploiting this vulnerability allows a malicious actor to read arbitrary logs using the container name, while operating remotely...
Red Hat OpenShift Information Disclosure Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. A security vulnerability exists in Red Hat OpenShift Enterprise version 3.x that...
Important: Red Hat Security Advisory: openvswitch security update
Updated openvswitch packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
PT-2016-1701 · Google · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.2.0-alpha.5 Description: The issue allows remote attackers to read arbitrary pod logs via a container name. This is related to a lack of protection for service data in the Kubernetes cluster management tool and...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update
Red Hat OpenShift Enterprise release 2.2.9, which fixes several security issues, several bugs, and introduces feature enhancements, is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which giv...
Moderate: Red Hat Security Advisory: kubernetes security update
Updated kubernetes packages that fix two security issues are now available for Red Hat OpenShift Enterprise 3.0.2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
OracleVM 3.3 : sos (OVMSA-2016-0011)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add vendor, vendor URL info for Oracle Linux orabug 17656507 - Direct traceroute to linux.oracle.com John Haxby orabug 11713272 - Check oraclelinux-release instead of redhat-release to get OS version...
CVE-2016-1906
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed...
Design/Logic Flaw
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed...
CVE-2016-1906
Technical details about CVE-2016-1906 are not publicly available in the provided documents. No confirmed affected products, versions, or fixes are described here. Monitor for updates from OSS/OpenShift and related advisories.
PT-2016-1270 · Red Hat · Openshift
Name of the Vulnerable Software and Affected Versions: Openshift affected versions not specified Description: The issue is related to a lack of access control in the interface of a cluster management tool for Kubernetes virtual machines, allowing remote attackers to elevate their privileges. This...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update
Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues, bugs and introduce feature enhancements. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.8 security, bug fix, and enhancement update
Red Hat OpenShift Enterprise release 2.2.8, which fixes one security issue, several bugs, and introduces feature enhancements, is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
OpenShift: pod log location must validate container if provided
It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to...
Moderate: Red Hat Security Advisory: openshift security update
Updated openshift images that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0 and 3.1. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: openshift security update
Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0 and 3.1. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...