Fedora Account System
Red Hat Associate
Red Hat Customer
OpenShift Container Platform 4.1 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. Fixes: https://github.com/openshift/cluster-kube-apiserver-operator/pull/499/ https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205
Acknowledgments: Name: Mo Khan (Red Hat)
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.1 Via RHSA-2019:1591 https://access.redhat.com/errata/RHSA-2019:1591
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10165