Description
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/openshift/origin/blob/master/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/server/filters/wrap.go#L39
Patch, Third Party Advisory x_refsource_confirm
https://github.com/openshift/enhancements/pull/323
Scores
CVSS v3
7.5
EPSS
0.0030
EPSS Percentile
53.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-532
Status
published
Products (2)
redhat/openshift_container_platform
3.11
redhat/openshift_container_platform
4.0
Published
Jun 12, 2020
Tracked Since
Feb 18, 2026