PT-2016-5025 · Red Hat · Red Hat Openshift Enterprise
Published 2016-06-08 · Updated 2023-02-13 · CVE-2016-2142
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat OpenShift Enterprise version 3.1
Description
The issue concerns a configuration file with world-readable permissions, allowing local users to access sensitive information, specifically Active Directory credentials, by reading the file /etc/origin/master/master-config.yaml.
Recommendations
For Red Hat OpenShift Enterprise version 3.1, consider changing the permissions of the /etc/origin/master/master-config.yaml file to restrict access and prevent unauthorized reading of the file. As a temporary workaround, restrict local access to the server to minimize the risk of exploitation.
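One way to carry out the permission check and change recommended above, as an added example that is not part of the original advisory or Red Hat's own fix. The file path is the one named in the description; the target mode 0600 and the --audit/--fix switches are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: audit and tighten permissions on the OpenShift master config.
# Default path is taken from the advisory; override with CONFIG=/path for testing.
CONFIG="${CONFIG:-/etc/origin/master/master-config.yaml}"

# Succeeds when "others" hold the read bit (octal 004) on the file.
is_world_readable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -004 2>/dev/null)" ]
}

# Prints one finding line; returns 0 = ok, 1 = exposed, 2 = file missing.
audit_config() {
    if [ ! -e "$1" ]; then
        echo "SKIP  $1 (not found)"
        return 2
    fi
    if is_world_readable "$1"; then
        echo "FAIL  $1 is world-readable: $(ls -ld "$1")"
        return 1
    fi
    echo "OK    $1 is not world-readable"
    return 0
}

# Removes all group/other access (assumed target mode 0600), then re-checks.
restrict_config() {
    chmod 600 "$1" && ! is_world_readable "$1"
}

# Usage: sh check.sh --audit   report only
#        sh check.sh --fix     report, and tighten the mode if exposed
case "${1:-}" in
    --audit) audit_config "$CONFIG"; exit $? ;;
    --fix)   audit_config "$CONFIG" || restrict_config "$CONFIG"; exit $? ;;
esac
```

The check covers mode bits only; POSIX ACLs (see getfacl) and any backup copies of the file need a separate look.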
Fix
Information Disclosure
Affected Products
Red Hat Openshift Enterprise