PT-2016-6405 · Red Hat · Red Hat Openshift Enterprise

Yanping Zhang · Published: 2016-08-05 · Updated: 2023-02-12 · CVE-2016-5392

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat OpenShift Enterprise version 3.2

Description

The issue allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information in a multi-tenant environment. This is related to vectors involving the watch-cache list.

Recommendations

For Red Hat OpenShift Enterprise version 3.2, consider restricting access to the watch-cache list as a temporary workaround until a patch is available. Additionally, limit the visibility of project names to authorized users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2016-5392
RHSA-2016:1427

Affected products

Red Hat Openshift Enterprise