Symantec Security Response, SMNTC-111301
Oct 07, 2019 - 12:00 a.m.

Red Hat OpenShift Container Platform CVE-2019-14854 Information Disclosure Vulnerability

www.symantec.com

EPSS: 0.001 (Low), percentile 34.4%

Description

Red Hat OpenShift Container Platform is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to obtain sensitive information. This may lead to other attacks. OpenShift Container Platform 4.1 and 4.2 are vulnerable.

Technologies Affected

  • Red Hat OpenShift Container Platform 4.1
  • Red Hat OpenShift Container Platform 4.2

Recommendations

Block external access at the network boundary, unless external parties require service.
If possible, block external access to the server hosting the vulnerable software. Permit access for trusted or internal networks and computers only.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of a successful attack, run the browser with the minimal amount of privileges required for functionality.

Implement multiple authentication mechanisms.
Implement multiple layers of encryption and authentication to help mitigate against exposure from this and other latent vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.
