The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openshift | Redhat | * | 1.0 (including) |
Openshift_origin | Redhat | 1.0.5 (including) | 1.0.5 (including) |