CVE-2015-7528Sensitive Information Exposure in Kubernetes Kubernetes

CWE-200Sensitive Information ExposureCWE-20Improper Input Validation8 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 41.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Kubernetes KubernetesKubernetesRedhat Openshift
Timeline
PublishedApr 11
Latest updateAug 21

Description

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDredhat/openshift3.0, 3.1+1

🔴Vulnerability Details

4
OSV
Information Exposure in Kubernetes in github.com/kubernetes/kubernetes2024-08-21
GHSA
Information Exposure in Kubernetes2022-04-12
OSV
Information Exposure in Kubernetes2022-04-12
CVEList
CVE-2015-7528: Kubernetes before 12016-04-11

📋Vendor Advisories

2
Red Hat
OpenShift: pod log location must validate container if provided2015-11-27
Debian
CVE-2015-7528: kubernetes - Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod lo...2015

💬Community

1
Bugzilla
CVE-2015-7528 OpenShift: pod log location must validate container if provided2015-11-30
CVE-2015-7528 — Sensitive Information Exposure | cvebase