CVE-2019-10165
published 2019-07-30CVE-2019-10165: OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A…
low2.3CVSS 3.1
AVLACLPRHUINSUCLINAN
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | openshift | — | — |
| redhat | openshift_container_platform | < 4.1.3 | 4.1.3 |