An information disclosure flaw was found in the way OpenShift restricted access to cron scripts. A local, authenticated user could use this flaw to gain access to cron scripts of other users, which could potentially contain sensitive information.
Acknowledgements: Red Hat would like to thank Marcos of colorvamp.com for reporting this issue.
Will fix upstream and in the OpenShift service, wontfix for OSE 2, so marking wontfix overall and leaving the tracker for OSO.
If it is fixed upstream, then OSE 2.2 will most likely ship it at some point, depending on the complexity. Also it's a related bug that cron jobs don't share context with their corresponding gears, so that would be nice to fix.