Bug 1479490 - Release Note for 3.6.0 on Ansible Service Broker and security concern
Release Note for 3.6.0 on Ansible Service Broker and security concern
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation (Show other bugs)
3.6.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Ashley Hardin
Vikram Goyal
Vikram Goyal
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-08 11:57 EDT by John Matthews
Modified: 2017-08-15 13:53 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
In OCP 3.6.0 the Ansible Service Broker exposes an unprotected route which allows unauthenticated users to provision resources in the cluster, namely Mediawiki and Postgres Ansible Playbook Bundles.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-15 13:53:36 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Matthews 2017-08-08 11:57:47 EDT
In OCP 3.6.0 the Ansible Service Broker exposes an unprotected route which allows unauthenticated users to provision resources in the cluster, namely Mediawiki and Postgres Ansible Playbook Bundles.

Note You need to log in before you can comment on or make changes to this bug.