The openshift-origin-broker-util package has a world-readable permissions vulnerability. The package sets the permissions of the mcollective client.cfg configuration file to world-readable by default, leaking sensitive information about the mcollective installation, including mcollective authentication credentials. Using this leaked information, an attacker can take control of all OpenShift nodes managed via mcollective.
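A check for the exposure described above, as an added example that is not part of the advisory or the package's own code: it reports whether a given client.cfg grants read to "other" and lists the names (not values) of credential-like settings in it. The file path is passed in by the caller, and the rule that a setting name ending in password, psk or secret is credential-like is an assumption.

```shell
#!/bin/sh
# Added example: audit an mcollective client.cfg for world-readable permissions.
# The file path is supplied by the caller; no install path is assumed.

# 0 = readable by "other", 1 = not world-readable, 2 = not a regular file
is_world_readable() {
    [ -f "$1" ] || return 2
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print the names (never the values) of credential-like settings.
# Assumption: a setting is credential-like if its name ends in
# password, psk or secret.
credential_keys() {
    grep -Ei '^[[:space:]]*[A-Za-z0-9_.]*(password|psk|secret)[[:space:]]*=' "$1" |
        sed 's/^[[:space:]]*//; s/[[:space:]]*=.*//'
}

# Report one file. Returns 0 if safe, 1 if exposed, 2 if missing.
audit_cfg() {
    wr=0
    is_world_readable "$1" || wr=$?
    case $wr in
        2) echo "MISSING $1"; return 2 ;;
        1) echo "OK      $1 is not world-readable"; return 0 ;;
    esac
    echo "EXPOSED $1 is world-readable; credential settings: $(credential_keys "$1" | tr '\n' ' ')"
    return 1
}

# Audit every path given on the command line; exit non-zero if any is exposed.
status=0
for cfg in "$@"; do
    audit_cfg "$cfg" || status=1
done
[ "$status" -eq 0 ] || exit "$status"
```

Pass the path of the broker's client.cfg as the argument; an EXPOSED result means the file mode still grants read access to every local account.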
rhn.redhat.com/errata/RHSA-2014-0460.html
rhn.redhat.com/errata/RHSA-2014-0461.html
access.redhat.com/errata/RHSA-2014:0460
access.redhat.com/errata/RHSA-2014:0461
access.redhat.com/security/cve/CVE-2014-0164
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1083847