CVE-2015-8945 — Cleartext Storage of Sensitive Info in Origin

CWE-255 CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.1%

top 66.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openshift Origin

Timeline

Latest updateJul 12

PublishedAug 5

Description

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages1 packages

▶NVDopenshift/origin1.1.6

Patches

Patch: github.com ↗Patch: github.com ↗

📋Vendor Advisories

Red Hat

openshift-origin: Logging of private RSA keys into systemd journal↗2015-07-29

▶

💬Community

Bugzilla

CVE-2015-8945 openshift-origin: Logging of private RSA keys into systemd journal↗2016-07-12

▶