CVE-2019-10213
published 2019-11-25CVE-2019-10213: OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | openshift | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |