CVE-2015-8945 Information
Feb 14, 2021
cve
Description
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the –credentials option is used which allows local users to obtain sensitive private key information by reading the systemd journal.
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.openwall.com/lists/oss-security/2016/07/13/10 http://www.openwall.com/lists/oss-security/2016/07/13/9 http://www.securityfocus.com/bid/91776 https://github.com/openshift/origin/issues/3951
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.1
Share on: