github.com/openshift/origin is vulnerable to information disclosure. When a pod is used with the --credentials
option is used, a local attacker can get private key information by reading the systemd journal. This is because when the `–credential`` option is enabled, the router credentials are stored insecurely as envvars.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/openshift/origin | eq | HEAD | |
github.com/openshift/origin | le | 1.5.0-alpha.2 |