OpenShift fails to restrict access to /proc/net/tcp, which allows local users to view all listening connections and connected sockets. This can result in remote systems' IP/port numbers in use being exposed, which may be useful for further targeted attacks. Please note that for local listeners OpenShift restricts connections to within the cartridge by default, so even with knowledge of the local port and IP the attacker will not be able to connect.
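To make concrete what an unrestricted /proc/net/tcp reveals to a local reader, here is an added parser that decodes the file's hex-encoded endpoints and reports the sockets owned by other UIDs (this is illustrative code, not from the bug report or from OpenShift; the sample rows, UIDs, ports and addresses are constructed, and the address decoding assumes x86 byte order):

```python
import socket
import struct

# Socket states as encoded in the 'st' column of /proc/net/tcp.
TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp format: two gears (uid 1001 and 1002),
# one listener each on 127.0.0.1 and one outbound connection from gear 1002.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1002        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0500000A:B3E2 146433C6:01BB 01 00000000:00000000 00:00000000 00000000  1002        0 20003 1 0000000000000000 100 0 0 10 0
"""

def decode_endpoint(hexaddr):
    """'HHHHHHHH:PPPP' -> ('a.b.c.d', port). The kernel prints the IPv4 address
    as a native-endian 32-bit integer; on x86 (assumed here) 0100007F is 127.0.0.1."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """One dict per socket row; the header row is skipped."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8:
            continue
        sockets.append({
            "local": decode_endpoint(fields[1]),
            "remote": decode_endpoint(fields[2]),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
        })
    return sockets

def foreign_endpoints(sockets, my_uid):
    """Endpoints belonging to other UIDs: their listeners plus the remote peers
    of their established sockets. A non-empty result from inside a gear is
    exactly the exposure described in this bug."""
    leaked = set()
    for s in sockets:
        if s["uid"] == my_uid:
            continue
        if s["state"] == "LISTEN":
            leaked.add(("listen",) + s["local"])
        elif s["state"] == "ESTABLISHED":
            leaked.add(("peer",) + s["remote"])
    return sorted(leaked)
```

Run `foreign_endpoints(parse_proc_net_tcp(open("/proc/net/tcp").read()), os.getuid())` inside a gear to check whether other gears' sockets are visible.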
*** Bug 817596 has been marked as a duplicate of this bug. ***
*** Bug 1147598 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: RHEL 6 Version of OpenShift Enterprise 2.2 Via RHSA-2014:1796 https://rhn.redhat.com/errata/RHSA-2014-1796.html
Issue Description: It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote systems' IP or port numbers in use being exposed, which may be useful for further targeted attacks.
This issue has been addressed in the following products: RHEL 6 Version of OpenShift Enterprise 2.1 Via RHSA-2014:1906 https://rhn.redhat.com/errata/RHSA-2014-1906.html