Bug 1286745 - (CVE-2015-7528) CVE-2015-7528 OpenShift: pod log location must validate container if provided
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20151127,repor...
Keywords: Security
Duplicates: 1286289
Depends On: 1286747 1286748
Blocks: 1286751

Reported: 2015-11-30 11:12 EST by Kurt Seifried
Modified: 2015-12-10 15:23 EST

Doc Type: Bug Fix
Doc Text:
It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to.
Last Closed: 2015-12-03 14:36:00 EST

Attachments: None
Description Kurt Seifried 2015-11-30 11:12:26 EST
Jordan Liggitt of Atomic OpenShift reports:

UPSTREAM: 17886: pod log location must validate container if provided #6113 
has security implications, specifically a running pod could make an API call to 
view the logs of any pod running on the same Node.

External references:

https://github.com/openshift/origin/pull/6113
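The Doc Text and the report above describe the missing check but do not show it. The Go snippet below is an added illustration written for this page; it is not OpenShift's or Kubernetes' code and does not reproduce the actual pre-fix code path. The Pod and LogOptions types, the function names, and the node-side log path are assumptions. It places the pre-fix behaviour the bug title describes (a caller-supplied container name passed through to the node without validation) beside the hardened variant that rejects any container name not present in the pod's spec.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Pod is a minimal stand-in for a pod object holding only the fields used
// here. Constructed for this example; it is not the OpenShift/Kubernetes type.
type Pod struct {
	Namespace  string
	Name       string
	NodeName   string
	Containers []string // container names from the pod spec
}

// LogOptions carries the caller-supplied query parameters of a log request.
type LogOptions struct {
	Container string // optional; empty means "the pod's only container"
}

// ErrContainerNotInPod is returned when the requested container name is not
// part of the pod's spec.
var ErrContainerNotInPod = errors.New("container is not part of the pod")

// unsafeLogLocation mirrors the behaviour the bug title describes: a
// caller-supplied container name is forwarded to the node's log endpoint
// without checking that it belongs to this pod. (Illustrative only.)
func unsafeLogLocation(pod Pod, opts LogOptions) (*url.URL, error) {
	container := opts.Container
	if container == "" {
		if len(pod.Containers) != 1 {
			return nil, errors.New("container must be specified")
		}
		container = pod.Containers[0]
	}
	return buildNodeLogURL(pod, container), nil
}

// safeLogLocation adds the check the fix title calls for: if a container is
// provided, it must be one of the pod's own containers.
func safeLogLocation(pod Pod, opts LogOptions) (*url.URL, error) {
	container := opts.Container
	if container == "" {
		if len(pod.Containers) != 1 {
			return nil, errors.New("container must be specified")
		}
		container = pod.Containers[0]
	} else if !containerInPod(pod, container) {
		return nil, fmt.Errorf("%w: %q", ErrContainerNotInPod, container)
	}
	return buildNodeLogURL(pod, container), nil
}

// containerInPod reports whether name matches a container in the pod spec.
func containerInPod(pod Pod, name string) bool {
	for _, c := range pod.Containers {
		if c == name {
			return true
		}
	}
	return false
}

// buildNodeLogURL builds the node-side location the API server would proxy
// to. The host port and path layout are assumptions for this example.
func buildNodeLogURL(pod Pod, container string) *url.URL {
	return &url.URL{
		Scheme: "https",
		Host:   pod.NodeName + ":10250",
		Path:   fmt.Sprintf("/containerLogs/%s/%s/%s", pod.Namespace, pod.Name, container),
	}
}

func main() {
	// Constructed sample: a single-container pod and a request naming a
	// container that is not in its spec.
	pod := Pod{Namespace: "team-a", Name: "web", NodeName: "node1", Containers: []string{"app"}}
	req := LogOptions{Container: "not-in-this-pod"}
	if u, err := unsafeLogLocation(pod, req); err == nil {
		fmt.Println("unsafe: forwards", u)
	}
	if _, err := safeLogLocation(pod, req); err != nil {
		fmt.Println("safe: rejects:", err)
	}
}
```

The check belongs where the log location is computed, before anything is forwarded to the node: a caller must not be able to steer the node-side request with a name the pod's own spec does not contain.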
Comment 4 Martin Prpič 2015-12-01 11:38:55 EST
Acknowledgements:

This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.
Comment 5 errata-xmlrpc 2015-12-03 12:43:04 EST
This issue has been addressed in the following products:

  RHEL 7 Version of OpenShift Enterprise 3.0
  RHEL 7 Version of OpenShift Enterprise 3.1

Via RHSA-2015:2544 https://access.redhat.com/errata/RHSA-2015:2544
Comment 6 Kurt Seifried 2015-12-03 15:58:16 EST
*** Bug 1286289 has been marked as a duplicate of this bug. ***
Comment 7 errata-xmlrpc 2015-12-10 15:23:29 EST
This issue has been addressed in the following products:

Via RHSA-2015:2615 https://rhn.redhat.com/errata/RHSA-2015-2615.html