Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-1796.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2014-1906.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:40
Type | Values Removed | Values Added |
---|---|---|
Summary | Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | |
References |
|
02 Feb 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further targeted attacks. | |
References |
|
Information
Published : 2014-11-13 21:32
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3602
Mitre link : CVE-2014-3602
CVE.ORG link : CVE-2014-3602
JSON object : View
Products Affected
redhat
- openshift
CWE
CWE-264
Permissions, Privileges, and Access Controls