HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2016:1064 | Vendor Advisory |
https://github.com/openshift/origin/pull/8334 | Patch |
Configurations
History
12 Feb 2023, 23:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. |
02 Feb 2023, 21:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFT_[namespace]_SERVERID" was set, which contained the internal IP address of a pod. |
Information
Published : 2016-06-08 17:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-3711
Mitre link : CVE-2016-3711
CVE.ORG link : CVE-2016-3711
JSON object : View
Products Affected
redhat
- openshift
- openshift_origin
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor