PT-2019-5674 · Red Hat · OpenShift Container Platform

Published: 2019-10-07 · Updated: 2023-02-12 · CVE-2019-14854

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform 4

Description: The issue is related to insufficient protection of log data. When the log level in an operator is set to Debug or higher, secret data written to static pod logs is not sanitized. This could allow a low-privileged user to read pod logs and discover secret material if a privileged user has already modified the log level in an operator. The vulnerability may enable a remote attacker to disclose protected information.

Recommendations: For OpenShift Container Platform 4, consider setting the log level in operators to a level lower than Debug to minimize the risk of secret material exposure until a fix is available. As a temporary workaround, restrict access to pod logs to prevent low-privileged users from reading sensitive information.
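The two recommendations above, turned into an added audit sketch (not code from this advisory or from Red Hat): it flags operator configs whose log level is Debug or higher and RBAC roles that allow reading pod logs. It assumes input shaped like `oc get <kind> -o json` items, uses constructed sample objects with hypothetical role names, and does not resolve role bindings or namespaces.

```python
# Added audit sketch; the sample objects below are constructed, not taken
# from a real cluster, and the role names are hypothetical.
VERBOSE_LEVELS = {"Debug", "Trace", "TraceAll"}  # operator logLevel values at Debug or higher
LOG_RESOURCES = {"pods/log", "pods/*", "*"}      # RBAC resources that cover pod logs
READ_VERBS = {"get", "*"}

def verbose_operators(operator_configs):
    """Return operator configs whose spec.logLevel is Debug or higher."""
    return sorted(
        f'{o["kind"]}/{o["metadata"]["name"]}'
        for o in operator_configs
        if o.get("spec", {}).get("logLevel", "Normal") in VERBOSE_LEVELS
    )

def roles_reading_pod_logs(roles):
    """Return Roles/ClusterRoles with a rule that allows reading pod logs."""
    hits = []
    for role in roles:
        for rule in role.get("rules") or []:
            core_group = {"", "*"} & set(rule.get("apiGroups") or [])
            if (core_group and LOG_RESOURCES & set(rule.get("resources") or [])
                    and READ_VERBS & set(rule.get("verbs") or [])):
                hits.append(f'{role["kind"]}/{role["metadata"]["name"]}')
                break  # one matching rule is enough for this role
    return sorted(hits)

def exposure(operator_configs, roles):
    """Report both preconditions from the description: verbose logging and log readers."""
    ops = verbose_operators(operator_configs)
    readers = roles_reading_pod_logs(roles)
    return {"verbose_operators": ops, "log_readers": readers,
            "both_conditions_present": bool(ops and readers)}

# Constructed sample input.
SAMPLE_OPERATORS = [
    {"kind": "KubeAPIServer", "metadata": {"name": "cluster"}, "spec": {"logLevel": "Debug"}},
    {"kind": "Etcd", "metadata": {"name": "cluster"}, "spec": {"logLevel": "Normal"}},
]
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "example-log-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "example-pod-lister"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]

if __name__ == "__main__":
    print(exposure(SAMPLE_OPERATORS, SAMPLE_ROLES))
```

A role flagged here still needs a binding to a user or group before it grants anything, so treat the output as a list of places to review.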

Weakness Enumeration: Insertion into Log File

Related Identifiers: BDU:2020-04971, CVE-2019-14854

Affected Products: OpenShift Container Platform