Red Hat OpenShift Container Platform is vulnerable to information leakage. The vulnerability is possible because of a missing input validation in OpenShift request handling for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
www.securityfocus.com/bid/94935
access.redhat.com/errata/RHSA-2016:2915
access.redhat.com/security/cve/CVE-2016-8651
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1388522
bugzilla.redhat.com/show_bug.cgi?id=1388524
bugzilla.redhat.com/show_bug.cgi?id=1397987
bugzilla.redhat.com/show_bug.cgi?id=1398417
bugzilla.redhat.com/show_bug.cgi?id=1399700
bugzilla.redhat.com/show_bug.cgi?id=1400200
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651