A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was incorrectly stored in the oauth-serving-cert ConfigMaps, where it was accessible to any authenticated OpenShift user or service account. A malicious user could exploit this by reading the oauth-serving-cert ConfigMap in either the openshift-config-managed or openshift-console namespace to access private keys used to encrypt all web traffic.
Versions of the OpenShift Container Platform earlier than 4.9 are not affected by this vulnerability.
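A cluster administrator can check for the condition described above by scanning the ConfigMap data for PEM private key blocks. The following is an added example, not code from the advisory or from OpenShift; the sample ConfigMaps, the data key name `ca-bundle.crt` and the PEM bodies are constructed placeholders.

```python
import json
import re

# Matches the PEM header of any private key type (PKCS#8, RSA, EC, ENCRYPTED, OPENSSH).
PRIVATE_KEY_RE = re.compile(r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----")

def find_private_keys(configmap_json):
    """Return (namespace, name, data_key, pem_label) for every private key block
    found in the output of `oc get configmap ... -o json` (one object or a List)."""
    doc = json.loads(configmap_json)
    items = doc["items"] if doc.get("kind", "").endswith("List") else [doc]
    findings = []
    for cm in items:
        meta = cm.get("metadata", {})
        for key, value in (cm.get("data") or {}).items():
            for label in PRIVATE_KEY_RE.findall(value):
                findings.append((meta.get("namespace"), meta.get("name"), key, label))
    return findings

def _cm(namespace, pem_text):
    # Constructed ConfigMap; the data key name "ca-bundle.crt" is an assumption.
    return {"kind": "ConfigMap",
            "metadata": {"namespace": namespace, "name": "oauth-serving-cert"},
            "data": {"ca-bundle.crt": pem_text}}

# Constructed PEM text with placeholder bodies, not real key material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
CERT_AND_KEY = CERT_ONLY + ("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n"
                            "-----END RSA PRIVATE KEY-----\n")

SAMPLE = json.dumps({"kind": "List", "items": [
    _cm("openshift-console", CERT_ONLY),
    _cm("openshift-config-managed", CERT_AND_KEY)]})

if __name__ == "__main__":
    for finding in find_private_keys(SAMPLE):
        print("private key material in ConfigMap:", finding)
```

On a live cluster, pass the output of `oc get configmap oauth-serving-cert -n openshift-config-managed -o json` (and the same for `openshift-console`) to `find_private_keys`; any finding means the serving key should be treated as exposed and rotated.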