Back to bug 1819011
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jason Shepherd | 2020-03-30 23:38:35 UTC | CC | security-response-team | |
| Jason Shepherd | 2020-03-31 00:06:01 UTC | Doc Text | Oauth tokens are not encrypted when encryption of data at rest is enabled. An attacker with access to a backup could obtain oauth tokens and use them to log into the cluster as any user who had logged into the cluster via the webui. | OAuth tokens are not encrypted when encryption of data at rest is enabled. An attacker with access to a backup could obtain OAuth tokens and use them to log into the cluster as any user who had logged into the cluster via the webui. |
| RaTasha Tillery-Smith | 2020-03-31 13:21:58 UTC | Doc Text | OAuth tokens are not encrypted when encryption of data at rest is enabled. An attacker with access to a backup could obtain OAuth tokens and use them to log into the cluster as any user who had logged into the cluster via the webui. | A flaw was found where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI. |
| | | Doc Type | --- | If docs needed, set a value |
| Jason Shepherd | 2020-04-01 00:49:43 UTC | Doc Text | A flaw was found where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI. | A flaw was found where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line. |
| Jason Shepherd | 2020-04-01 00:50:58 UTC | Depends On | 1819489, 1819490 | |
| Jason Shepherd | 2020-04-08 06:55:37 UTC | Doc Text | A flaw was found where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line. | A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line. |
| | | Summary | EMBARGOED ose-openshift-apiserver-container: oauth tokens not encrypted when enabling encryption of data at rest | EMBARGOED openshift/openshift-apiserver: oauth tokens not encrypted when enabling encryption of data at rest |
| Marian Rehak | 2020-04-08 07:12:30 UTC | Summary | EMBARGOED openshift/openshift-apiserver: oauth tokens not encrypted when enabling encryption of data at rest | EMBARGOED CVE-2020-10706 openshift/openshift-apiserver: oauth tokens not encrypted when enabling encryption of data at rest |
| | | Alias | CVE-2020-10706 | |
| Jason Shepherd | 2020-04-24 05:34:03 UTC | Flags | needinfo?(sttts) | |
| Stefan Schimanski | 2020-04-28 09:24:41 UTC | Flags | needinfo?(sttts) | |
| Jason Shepherd | 2020-05-07 23:31:10 UTC | Flags | needinfo?(sttts) | |
| Stefan Schimanski | 2020-05-11 08:07:24 UTC | Flags | needinfo?(sttts) | |
| Jason Shepherd | 2020-05-11 21:13:47 UTC | Group | security, qe_staff | |
| | | CC | aos-bugs | |
| | | Deadline | 2020-04-30 | |
| | | Doc Text | A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line. | A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. |
| | | Summary | EMBARGOED CVE-2020-10706 openshift/openshift-apiserver: oauth tokens not encrypted when enabling encryption of data at rest | CVE-2020-10706 openshift/openshift-apiserver: oauth tokens not encrypted when enabling encryption of data at rest |
| Dominik Mierzejewski | 2020-08-03 09:58:31 UTC | CC | dominik.mierzejewski | |
| Dan Clark | 2020-12-01 17:39:07 UTC | CC | danclark | |
| | | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2020-12-01 18:11:06 UTC | Flags | needinfo?(security-response-team) | needinfo?(jshepherd) |
| Jason Shepherd | 2020-12-02 01:50:18 UTC | Flags | needinfo?(jshepherd) | |
| Tomas Hoger | 2020-12-08 21:26:56 UTC | Comment 1 is private | 1 | 0 |
| | | Comment 4 is private | 1 | 0 |
| | | Comment 8 is private | 1 | 0 |
| Red Hat Bugzilla | 2022-01-08 05:27:39 UTC | CC | jokerman | |
| Red Hat Bugzilla | 2022-05-09 08:30:05 UTC | CC | aos-bugs | |
| Red Hat Bugzilla | 2023-04-29 08:27:57 UTC | CC | sttts | |
| Red Hat Bugzilla | 2023-07-07 08:28:35 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |