Information Disclosure

github.com/openshift/origin is vulnerable to information disclosure. The vulnerability is possible because kubernetes watch cache does not return the correct data in a multi tenant environment, revealing the data of a user to another user...

CVE-2016-5392

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...

CVE-2016-5392

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...

CVE-2016-5392

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...

PT-2016-6405 · Red Hat · Red Hat Openshift Enterprise

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information in a multi-tenant environment. This is related to vectors...

Kubernetes: disclosure of information in multi tenant environments via watch-cache list

The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their...