CVE-2016-2142

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...

CVE-2016-2142

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...

PT-2016-5025 · Red Hat · Red Hat Openshift Enterprise

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.1 Description: The issue concerns a configuration file with world-readable permissions, allowing local users to access sensitive information, specifically Active Directory credentials, by reading the fil...

Red Hat OpenShift Enterprise Information Disclosure Vulnerability

Red Hat OpenShift is a platform-as-a-service cloud computing platform that builds, tests, deploys and runs applications. The /etc/origin/master/master-config.yaml configuration file containing Active Directory certificates is globally readable in Red Hat OpenShift Enterprise, allowing a local...

openshift: Bind password for AD account is stored in world readable file

An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file...