Back to bug 1311220

Who When What Removed Added
Adam Mariš 2016-02-23 16:02:08 UTC CC security-response-team
Red Hat Bugzilla 2016-02-23 16:02:08 UTC Doc Type --- Bug Fix
Adam Mariš 2016-02-23 16:04:02 UTC Blocks 1311222
Adam Mariš 2016-02-23 16:04:29 UTC Depends On 1310289
Kurt Seifried 2016-02-29 21:55:30 UTC Whiteboard impact=moderate,public=no,reported=20160219,source=customer,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-522,openshift-enterprise-3/Security=new impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-522,openshift-enterprise-3/Security=new
Kurt Seifried 2016-02-29 21:55:33 UTC Summary EMBARGOED openshift: Bind password for AD account is stored in plaintext openshift: Bind password for AD account is stored in plaintext
Kurt Seifried 2016-02-29 21:55:37 UTC Group security, qe_staff
Scott Dodson 2016-03-02 18:37:52 UTC CC sdodson
Kurt Seifried 2016-03-02 18:44:02 UTC Summary openshift: Bind password for AD account is stored in plaintext openshift: Bind password for AD account is stored in world readable file
Kurt Seifried 2016-03-02 18:46:13 UTC Whiteboard impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-522,openshift-enterprise-3/Security=new impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-264,openshift-enterprise-3/Security=new
Kurt Seifried 2016-03-02 18:51:28 UTC Whiteboard impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-264,openshift-enterprise-3/Security=new impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-264,openshift-enterprise-3/Security=affected
Kurt Seifried 2016-03-02 18:55:56 UTC Depends On 1314035
Kurt Seifried 2016-03-02 18:56:02 UTC Depends On 1314036
Kurt Seifried 2016-03-02 19:06:41 UTC Alias CVE-2016-2142
Kurt Seifried 2016-03-02 19:06:49 UTC Summary openshift: Bind password for AD account is stored in world readable file CVE-2016-2142 openshift: Bind password for AD account is stored in world readable file
Kurt Seifried 2016-03-02 19:17:45 UTC Doc Text It was discovered that the /etc/origin/master/master-config.yaml configuration file, which may contain Active Directory credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file.
Summer Long 2016-03-03 00:10:34 UTC CC slong
Doc Text It was discovered that the /etc/origin/master/master-config.yaml configuration file, which may contain Active Directory credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file. An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file.
Kurt Seifried 2016-03-03 15:50:11 UTC Whiteboard impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-264,openshift-enterprise-3/Security=affected impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-732,openshift-enterprise-3/Security=affected
Brenton Leanhardt 2016-04-05 19:34:51 UTC CC jliggitt
Kurt Seifried 2016-04-07 17:15:38 UTC Blocks 1324911
Kurt Seifried 2016-04-11 22:07:02 UTC Blocks 1326106
Kurt Seifried 2016-05-11 16:26:01 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-05-11 12:26:01 UTC
Product Security DevOps Team 2019-09-29 13:44:17 UTC Whiteboard impact=moderate,public=20160217,reported=20160219,source=customer,cvss2=2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-732,openshift-enterprise-3/Security=affected

Back to bug 1311220