Sensitive Private Key Information Exposure in OpenShift Origin 1.1.6 and Earlier
CVE-2015-8945 · LOW Severity
AV:L/AC:M/AU:N/C:P/I:N/A:N
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
Learn more about our User Device Pen Test.