Origin
CVE-2015-8945
MEDIUM
Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
AnalysisAI
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-255. openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. Affected products include: Openshift Origin.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Electronic Arts Origin before 10.5.39. Rated high severity (CVSS 8.8), this vulnerability is
A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Ori
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). Rated high severity (CVSS 7.8), this
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). Rated high severity (CVSS 7.8), this
Same weakness CWE-255 – Credentials Management Errors
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today