CVE-2016-3711

Properties

Published:
07.06.2016
Updated:
10.06.2016
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:L/Au:N/C:P/I:N/A:N)
    Product:
    redhat: openshift_origin

    Vulnerability description

    HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

    References:

    CONFIRM: https://github.com/openshift/origin/pull/8334
    REDHAT: https://access.redhat.com/errata/RHSA-2016:1064