PT-2016-6405 · Red Hat · Red Hat Openshift Enterprise

Yanping Zhang · Published 2016-08-05 · Updated 2023-02-12 · CVE-2016-5392

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat OpenShift Enterprise version 3.2

Description

The issue allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information in a multi-tenant environment. This is related to vectors involving the watch-cache list.

Recommendations

For Red Hat OpenShift Enterprise version 3.2, consider restricting access to the watch-cache list as a temporary workaround until a patch is available. Additionally, limit the visibility of project names to authorized users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2016-5392
RHSA-2016:1427

Affected Products

Red Hat Openshift Enterprise