In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.
9.1CVSS
9AI Score
0.002EPSS
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
5.3CVSS
5.2AI Score
0.001EPSS
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
5.1CVSS
4.9AI Score
0.001EPSS