RHEL 6 : openshift-console (RHSA-2012:1555)
Medium Nessus Plugin ID 119427
Synopsis
The remote Red Hat host is missing a security update.
Description
An updated openshift-console package that fixes one security issue is now available for OpenShift Enterprise.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The OpenShift Management Console provides a web interface for managing OpenShift Enterprise.
It was found that the OpenShift Management Console did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user who was logged into the OpenShift Management Console into visiting an attacker-controlled web page, the attacker could make changes to applications hosted within OpenShift Enterprise with the privileges of the victim, which may lead to arbitrary code execution in the OpenShift Enterprise hosted applications. (CVE-2012-5622)
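The attack pattern described above, as an added example that is not the console's or Red Hat's own code, written in Ruby because the console is a Rails application. The endpoint name, session layout, origin names and the specific fix are assumptions for illustration; only the CSRF weakness itself comes from the advisory. The vulnerable handler honours any POST that carries the victim's session cookie, which the browser attaches automatically to a form auto-submitted from the attacker's page; the hardened handler requires a per-session synchronizer token that a cross-site page cannot read, compares it in constant time, and rejects a foreign Origin header as defence in depth.

```ruby
# Added example, not OpenShift code: minimal Rack-style handlers for a
# hypothetical "restart application" console action, vulnerable and hardened.
require "securerandom"

# In-memory session store keyed by cookie value (constructed stand-in).
SESSIONS = {}

def new_session(user)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = { user: user, csrf_token: SecureRandom.hex(32), actions: [] }
  sid
end

# A request is a plain Hash with :cookie, :params and :headers (constructed).
def session_for(req)
  SESSIONS[req[:cookie]]
end

# Vulnerable: the only check is the session cookie, which the browser sends
# on a cross-site POST too, so a forged request acts as the victim.
def restart_app_vulnerable(req)
  sess = session_for(req) or return [401, "not logged in"]
  sess[:actions] << "restart #{req[:params]['app']}"
  [200, "restarted #{req[:params]['app']} as #{sess[:user]}"]
end

# Constant-time string comparison so the token cannot be recovered via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hardened: the form must carry the session's anti-CSRF token (readable only
# by same-origin pages), and an Origin header naming another site is refused.
def restart_app_hardened(req, console_origin: "https://console.example.test")
  sess = session_for(req) or return [401, "not logged in"]
  origin = req[:headers]["Origin"]
  return [403, "cross-site origin"] if origin && origin != console_origin
  token = req[:params]["authenticity_token"].to_s
  return [403, "invalid CSRF token"] unless secure_equal?(token, sess[:csrf_token])
  sess[:actions] << "restart #{req[:params]['app']}"
  [200, "restarted #{req[:params]['app']} as #{sess[:user]}"]
end

# Constructed attacker page: a browser submits this with the victim's console
# cookie attached, without the attacker ever seeing the cookie or token.
ATTACKER_PAGE = <<~HTML
  <form id="f" method="POST" action="https://console.example.test/apps/restart">
    <input type="hidden" name="app" value="victimapp">
  </form>
  <script>document.getElementById("f").submit()</script>
HTML

# What the server sees from the attacker page: cookie present, no token,
# Origin set to the attacker's site.
def forged_request(victim_cookie)
  { cookie: victim_cookie,
    params: { "app" => "victimapp" },
    headers: { "Origin" => "https://attacker.example.test" } }
end

# Legitimate submission from the console's own page, which embeds the token.
def legitimate_request(cookie)
  { cookie: cookie,
    params: { "app" => "victimapp",
              "authenticity_token" => SESSIONS[cookie][:csrf_token] },
    headers: { "Origin" => "https://console.example.test" } }
end

# Runs the forged request against both handlers and a legitimate one against
# the hardened handler; returns the status codes and the actions recorded.
def demo
  cookie = new_session("victim")
  forged = forged_request(cookie)
  legit = legitimate_request(cookie)
  { vulnerable_forged: restart_app_vulnerable(forged)[0],
    hardened_forged: restart_app_hardened(forged)[0],
    hardened_legit: restart_app_hardened(legit)[0],
    actions: SESSIONS[cookie][:actions] }
end

puts demo.inspect if __FILE__ == $0
```

The token is the primary control; the Origin check only helps when the client sends that header, which browsers of the 2012 era did not do consistently, so it must not be relied on alone.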
This issue was discovered by Red Hat.
All users of the OpenShift Management Console are advised to upgrade to this updated package, which corrects this issue. Before installing the updated package, stop the openshift-console service. After the package has been installed, start the openshift-console service.
Solution
Update the affected openshift-console package.