Bug 1316267 (CVE-2016-2149)

Summary: CVE-2016-2149 OpenShift Enterprise 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: bleanhar, ccoleman, dmcphers, jialiu, jkeck, joelsmith, jokerman, kseifried, lmeyer, mmccomas
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that OpenShift Enterprise would disclose log file contents from reclaimed namespaces. An attacker could create a new namespace to access log files present in a previously deleted namespace using the same name.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-12 16:45:32 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1316216, 1316271, 1316272, 1316273
Bug Blocks: 1303130, 1316274, 1326106, 1326107

Description Kurt Seifried 2016-03-09 20:09:56 UTC
Wesley Hearn of Red Hat reports:

Description of problem:
Users are able to access the logs of a deleted namespace if it is recreated with the same name, regardless of whether they were the previous owner.

Steps to Reproduce:
1. User A creates a namespace and populates logs
2. User A deletes namespace
3. User B creates a new namespace with the same name

Actual results:
User B can access logs from User A's namespace

Expected results:
User B should be restricted to logs generated from the pods he created in his new namespace.
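
The three steps above come down to what the log index is keyed on: a namespace name is reusable after deletion, while the UID the API server assigns on create is not. The Go program below is an added example, not code from OpenShift or from the bug report. It models a minimal log backend twice, once keyed on the namespace name and once on the namespace UID, and runs the reporter's steps against both so the difference is visible. The namespace name, the log lines and the counter-style UIDs are constructed for the illustration; how the shipped fix in RHSA-2016:1064 is actually implemented is not described on this page.

```go
package main

import "fmt"

// Namespace models the API object as the report uses it: the Name can be
// reused after deletion, the UID is assigned fresh on every create.
type Namespace struct {
	Name string
	UID  string
}

// LogBackend is the slice of the logging stack this example cares about:
// where a pod's log lines are filed, and what a reader of ns gets back.
type LogBackend interface {
	Append(ns Namespace, line string)
	Read(ns Namespace) []string
}

// nameKeyed files logs under the namespace name only. This is the
// vulnerable shape: a recreated namespace inherits the old index.
type nameKeyed struct{ idx map[string][]string }

func (s *nameKeyed) Append(ns Namespace, line string) { s.idx[ns.Name] = append(s.idx[ns.Name], line) }
func (s *nameKeyed) Read(ns Namespace) []string        { return s.idx[ns.Name] }

// uidKeyed files logs under the namespace UID. A same-named namespace created
// later carries a different UID, so it starts from an empty index even if the
// old index was never purged.
type uidKeyed struct{ idx map[string][]string }

func (s *uidKeyed) Append(ns Namespace, line string) { s.idx[ns.UID] = append(s.idx[ns.UID], line) }
func (s *uidKeyed) Read(ns Namespace) []string        { return s.idx[ns.UID] }

// cluster hands out UIDs and tracks which namespaces currently exist.
// UIDs are a counter here (an assumption made for determinism); a real
// API server assigns random UUIDs.
type cluster struct {
	next int
	live map[string]Namespace
}

func newCluster() *cluster { return &cluster{live: map[string]Namespace{}} }

func (c *cluster) create(name string) Namespace {
	c.next++
	ns := Namespace{Name: name, UID: fmt.Sprintf("uid-%d", c.next)}
	c.live[name] = ns
	return ns
}

func (c *cluster) delete(name string) { delete(c.live, name) }

// reproduce runs the report's three steps against a backend and returns the
// log lines user B can read from the recreated namespace.
func reproduce(backend LogBackend) []string {
	c := newCluster()
	// 1. User A creates a namespace and populates logs (constructed sample lines).
	nsA := c.create("payments")
	backend.Append(nsA, "2016-03-09 card token abc123 authorised")
	backend.Append(nsA, "2016-03-09 db password rotated")
	// 2. User A deletes the namespace. Nothing purges the log index.
	c.delete("payments")
	// 3. User B creates a new namespace with the same name and reads its logs.
	nsB := c.create("payments")
	return backend.Read(nsB)
}

// NameKeyedLeak returns what user B sees with the vulnerable, name-keyed index.
func NameKeyedLeak() []string { return reproduce(&nameKeyed{idx: map[string][]string{}}) }

// UIDKeyedLeak returns what user B sees with the UID-keyed index.
func UIDKeyedLeak() []string { return reproduce(&uidKeyed{idx: map[string][]string{}}) }

func main() {
	fmt.Printf("name-keyed index: user B sees %d line(s) from user A: %q\n", len(NameKeyedLeak()), NameKeyedLeak())
	fmt.Printf("uid-keyed index:  user B sees %d line(s) from user A: %q\n", len(UIDKeyedLeak()), UIDKeyedLeak())
}
```

Keying on the UID closes the cross-tenant read on its own; purging the old index when the namespace is deleted is still worth doing for retention, but purge-on-delete by itself leaves a window between the delete and the purge in which a same-named namespace would again see the old data.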

Comment 1 Kurt Seifried 2016-03-09 20:10:07 UTC
Acknowledgments:

Name: Wesley Hearn (Red Hat)

Comment 4 errata-xmlrpc 2016-05-12 16:32:20 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 3.2

Via RHSA-2016:1064 https://access.redhat.com/errata/RHSA-2016:1064