The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
CVSS v3.0 Score
6.5
/ 10.0
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Information
- Published
- 5 août 2016
- Updated
- 12 avr. 2025
- Status
- Deferred
- Source
- secalert@redhat.com
Affected products
redhat openshift
Versions : 3.2
Weaknesses (CWE)
CWE-200
References (6)
- http://www.securityfocus.com/bid/91793Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2016:1427Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1356195Issue Tracking
- http://www.securityfocus.com/bid/91793Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2016:1427Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1356195Issue Tracking
Similar CVEs
Other vulnerabilities of type CWE-200
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.