Information Disclosure

2017-04-2707:33:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

github.com/openshift/origin is vulnerable to information disclosure. The HAproxy allows puts the internal IP address of a pod into the OPENSHIFT_[namespace]_SERVERID cookie, allowing local users to obtain this information.

CPENameOperatorVersion
github.com/openshift/origineqHEAD
github.com/openshift/originle1.1.6
nodejs-osenveq0.0.3__5.el7
nodejs-json-stringify-safeeq5.0.0__1.el7
nodejs-mimeeq1.2.11__1.el7
python-mimeparseeq0.1.4__1.el7ost
nodejs-sntpeq0.2.4__1.el7
jenkinseq1.625.3__2.el7aos
openshift-elasticsearch-plugineq0.7.0.redhat_1__1.el7
nodejs-read-all-streameq1.0.2__1.el7

Name	Operator	Version
github.com/openshift/origin	eq	HEAD
github.com/openshift/origin	le	1.1.6
nodejs-osenv	eq	0.0.3__5.el7
nodejs-json-stringify-safe	eq	5.0.0__1.el7
nodejs-mime	eq	1.2.11__1.el7
python-mimeparse	eq	0.1.4__1.el7ost
nodejs-sntp	eq	0.2.4__1.el7
jenkins	eq	1.625.3__2.el7aos
openshift-elasticsearch-plugin	eq	0.7.0.redhat_1__1.el7
nodejs-read-all-stream	eq	1.0.2__1.el7