Jeremy Choi of Red Hat discovered that OpenShift is vulnerable to several shell command injection flaws due to unsanitized data being passed directly into shell commands. Remote code execution as root has been demonstrated via (authenticated) mcollective commands however other attack vectors may also exist.
This issue is only exploitable if the attacker has shell access to the broker node, which should never be allowed in production. As such the impact has been downgraded from critical to important.
This issue affects the versions of rubygem-openshift-origin-node as shipped with Red Hat OpenShift Enterprise 2. Red Hat Product Security has rated this issue as having Important security impact, however this issue only affects systems using a non supported configuration (e.g. broker and node on the same host, or untrusted users on the broker servers). A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Created rubygem-openshift-origin-node tracking bugs for this issue:
Affects: fedora-all [bug 1187463]