Page 11 of 51 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. Kubernetes en versiones anteriores a 1.2.0-alpha.5 permite a atacantes remotos leer logs de pod arbitrarios a través de un nombre de contenedor. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. • http://rhn.redhat.com/errata/RHSA-2015-2615.html https://access.redhat.com/errata/RHSA-2015:2544 https://github.com/kubernetes/kubernetes/pull/17886 https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5 https://github.com/openshift/origin/pull/6113 https://access.redhat.com/security/cve/CVE-2015-7528 https://bugzilla.redhat.com/show_bug.cgi?id=1286745 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •