CVE-2014-3602 — Sensitive Information Exposure in Redhat Openshift

CWE-264 CWE-200 — Sensitive Information Exposure9 documents7 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 85.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift

Timeline

PublishedNov 13

Latest updateNov 3

Description

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/openshift2.1.8+15

🔴Vulnerability Details

GHSA

GHSA-7ggv-2g22-cxqr: Red Hat OpenShift Enterprise before 2↗2022-05-13

▶

CVEList

CVE-2014-3602: Red Hat OpenShift Enterprise before 2↗2014-11-13

▶

📋Vendor Advisories

Red Hat

OpenShift: /proc/net/tcp information disclosure↗2014-08-19

▶

🕵️Threat Intelligence

Qualys

OpenSSL Vulnerability Recap | Qualys↗2022-11-03

▶

💬Community

Bugzilla

CVE-2014-3602 OpenShift: /proc/net/tcp information disclosure↗2014-08-19

▶