OpenShift IP address appears in cookie
Issue
- We noticed a cookie is set like OPENSHIFT_<NAMESPACE>_SERVERID which contains the internal Docker IP address. Is this actually needed by OpenShift's router and, if not, can it be disabled?
- Internal IP address is disclosed via the OPENSHIFT_<NAMESPACE>_SERVERID cookie.
- During security analysis, a customer found that a cookie was being set with the name of "OPENSHIFT_<NAMESPACE>_SERVERID", containing the internal IP address of the pod.
Environment
- OpenShift Enterprise Pre-3.2
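
To check whether a route shows the behaviour described under Issue, the following added example (not part of the original article and not Red Hat code) scans captured Set-Cookie headers for an OPENSHIFT_<NAMESPACE>_SERVERID cookie whose value embeds an IPv4 address. The article does not show the cookie value format, so the sample headers, namespaces and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Cookie name pattern taken from the article: OPENSHIFT_<NAMESPACE>_SERVERID
SERVERID_NAME = re.compile(r"^OPENSHIFT_(?P<namespace>.+)_SERVERID$")
# Dotted-quad candidates; each one is validated with ipaddress below.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample headers (the value formats are assumptions).
SAMPLE_HEADERS = [
    "OPENSHIFT_myproject_SERVERID=10.1.4.7:8080; path=/; HttpOnly",
    "JSESSIONID=abc123; Path=/",                      # unrelated cookie
    "OPENSHIFT_shop_SERVERID=c3f1a9d2e4b5; path=/",   # opaque value, no address
    "session=10.0.0.1",                               # address, but not the router cookie
]


def parse_set_cookie(header):
    """Return (name, value) from the first name=value pair of a Set-Cookie header."""
    first_pair = header.split(";", 1)[0]
    name, _, value = first_pair.partition("=")
    return name.strip(), value.strip().strip('"')


def find_ip_disclosures(set_cookie_headers):
    """Return (cookie_name, namespace, ip, is_private) for every IPv4 address
    found in the value of an OPENSHIFT_<NAMESPACE>_SERVERID cookie."""
    findings = []
    for header in set_cookie_headers:
        name, value = parse_set_cookie(header)
        match = SERVERID_NAME.match(name)
        if not match:
            continue
        for candidate in IPV4_CANDIDATE.findall(value):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ipaddress.AddressValueError:
                continue  # looks like a dotted quad but is not a valid address
            findings.append((name, match.group("namespace"), str(ip), ip.is_private))
    return findings


if __name__ == "__main__":
    for name, namespace, ip, private in find_ip_disclosures(SAMPLE_HEADERS):
        scope = "private" if private else "public"
        print(f"{name}: namespace={namespace} discloses {scope} address {ip}")
```
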