CVE-2019-14854
5.3
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | library-go | As shipped with Openshift 4.x | affected |
Weaknesses
- CWE-117: CWE-117
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.