CVE-2014-0164
The MITRE CVE dictionary describes this issue as:
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.
Find out more about CVE-2014-0164 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.6 |
|---|---|
| Base Metrics | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| RHOSE Client 2.0 (openshift-origin-broker-util) | RHSA-2014:0460 | 2014-05-01 |
| RHOSE Client 1.2 (openshift-origin-broker-util) | RHSA-2014:0461 | 2014-05-01 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Enterprise 2 | ruby193-mcollective | Affected |
| Red Hat OpenShift Enterprise 1 | mcollective | Affected |
Acknowledgements
This issue was discovered by Jeremy Choi of the Red Hat Quality Engineering Group.CVE description copyright © 2017, The MITRE Corporation