5 matches found
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.30 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.18 security update
Red Hat OpenShift Container Platform release 4.15.18 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
CVE-2024-4369 Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURECLIENTSECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...
CVE-2024-4369 Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURECLIENTSECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...
CVE-2024-4369
OpenShift OpenShift Container Platform cluster-image-registry-operator is affected by CVE-2024-4369. The flaw exposes AZURE_CLIENT_SECRET via an environment variable in a pod definition on Azure environments. An attacker who can obtain pod information from the openshift-image-registry namespace a...