Red Hat Security Advisory 2015-2615-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift. Continue reading...
