RHCOS 1 : openshift-origin-broker (RHSA-2014:0422)

The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0422 advisory. - OpenShift: openshift-origin-broker plugin allows impersonation CVE-2014-0188 Note that Nessus has not tested for this issue but has instead...

RHCOS 2 : openshift-origin-broker (RHSA-2014:0423)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0423 advisory. - OpenShift: openshift-origin-broker plugin allows impersonation CVE-2014-0188 Note that Nessus has not tested for this issue but has instead...

RHCOS 2 : openshift-origin-broker-util (RHSA-2014:0460)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0460 advisory. - mcollective: world readable client config CVE-2014-0164 Note that Nessus has not tested for this issue but has instead relied only on the...

RHSA-2014:0423 Red Hat Security Advisory: openshift-origin-broker security update

Bulletin has no description...

RHSA-2014:0422 Red Hat Security Advisory: openshift-origin-broker security update

Bulletin has no description...

Insecure Defaults

openshift-origin-broker is vulnerable to insecure defaults. The vulnerability exists as it was discovered that openshift-origin-broker configured several default user names and passwords for services if no user name or password was specified during installation. A remote attacker could use these...

Authentication Bypass

openshift-origin-broker is vulnerable to authentication bypass attacks. The vulnerability exists as the openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attacker...

RHEL 6 : openshift-origin-broker-util (RHSA-2014:0461)

An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

RHEL 6 : openshift-origin-broker-util (RHSA-2014:0460)

An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

RHEL 6 : openshift-origin-broker (RHSA-2014:0422)

Updated openshift-origin-broker and rubygem-openshift-origin-auth-remote-user packages that fix one security issue are now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring...

Authentication flaw

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...

CVE-2014-0188

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...