OpenShift Enterprise Vulnerability Allowing Access to Webhook Tokens
CVE-2017-15138

5MEDIUM

Key Information:

Vendor: [unknown]
Status: Atomic-openshift
Vendor: CVE Published:; 13 August 2018

What is CVE-2017-15138?

An access control vulnerability in OpenShift Enterprise allows users with adequate privileges to access sensitive webhook tokens. This exposure could lead to potential unauthorized actions within the cluster, as the tokens can be utilized for authenticating queries to webhooks that may contain privileged information. Proper configuration and adherence to access policies are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

atomic-openshift

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138

x_refsource_CONFIRM

https://access.redhat.com/errata/RHBA-2018:0489

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2018
Vulnerability Reserved
Oct 8, 2017

CVE-2017-15138 Data

JSON

[unknown]

What is CVE-2017-15138?

Affected Version(s)

References

CVSS V3.1

Timeline