How to check if OpenShift Container Platform 4 audit logs are leaking user and Service account token credentials

Solution Verified - Updated -

Issue

API audit logs utilizing the following extended policy profiles are affected:

  • WriteRequestBodies
  • AllRequestBodies

Audit logs recorded under these policy profiles can contain sensitive information such as access tokens. If those logs are forwarded to an external aggregator, this can allow third parties to gain access to the cluster.
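One way to look for this exposure in exported audit log lines, as an added example that is not Red Hat's procedure: it walks the `requestObject` and `responseObject` bodies that these profiles record and reports where a token-like string occurs. The token patterns, function names and sample events are assumptions constructed for illustration; a match is a candidate for review, not proof of a valid credential.

```python
import json
import re

# Assumed token shapes (not stated in the article): service account tokens are
# JWTs; OpenShift OAuth access tokens carry a "sha256~" prefix.
TOKEN_PATTERNS = {
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),
    "oauth": re.compile(r"\bsha256~[\w-]{20,}"),
}

def walk(node, path):
    """Yield (json_path, value) for every string leaf under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def scan_audit_lines(lines):
    """Locate token-like strings in recorded request/response bodies."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
            ref = event.get("objectRef") or {}
        except (json.JSONDecodeError, AttributeError):
            continue  # skip truncated, non-JSON or non-object lines
        for body in ("requestObject", "responseObject"):
            for path, value in walk(event.get(body), body):
                for kind, pattern in TOKEN_PATTERNS.items():
                    if pattern.search(value):
                        # Record where the match is, never the value itself.
                        findings.append((lineno, ref.get("resource"), path, kind))
    return findings

# Constructed sample events, not real cluster data.
JWT = "eyJhbGciOiJSUzI1NiJ9.ZXhhbXBsZS1wYXlsb2Fk.ZXhhbXBsZS1zaWduYXR1cmU"
SAMPLE = [
    json.dumps({"level": "RequestResponse", "objectRef": {"resource": "tokenreviews"},
                "requestObject": {"spec": {"token": "sha256~" + "A" * 43}}}),
    json.dumps({"level": "RequestResponse", "objectRef": {"resource": "serviceaccounts"},
                "responseObject": {"status": {"token": JWT}}}),
    json.dumps({"level": "Metadata", "objectRef": {"resource": "configmaps"}}),
]

if __name__ == "__main__":
    print(scan_audit_lines(SAMPLE))
```

The findings carry only the line number, resource, JSON path and pattern name, so the scan output can be shared without repeating the credential.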

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • OpenShift API server
  • Kubernetes API server
  • OAuth API server
