Unrated severity · NVD Advisory · Published May 5, 2014 · Updated May 6, 2026

CVE-2014-0164

Description

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

World-readable mcollective client.cfg in openshift-origin-broker-util exposes credentials to local users, allowing full control over OpenShift nodes.

Vulnerability

The openshift-origin-broker-util package, used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, sets world-readable permissions on the mcollective client.cfg configuration file. This file contains sensitive information including mcollective authentication credentials. [1][2]

Exploitation

A local user on a host with the OpenShift Broker installed can read the world-readable client.cfg file. No special privileges are required beyond local access to the filesystem. The attacker can then extract the mcollective credentials. [1][2]

Impact

With the obtained mcollective credentials, an attacker gains full control over all OpenShift nodes managed via mcollective. This allows arbitrary actions on the nodes, potentially compromising the entire OpenShift environment. [1][2]

Mitigation

Red Hat released updated openshift-origin-broker-util packages that correct the file permissions. For OpenShift Enterprise 2.0.5, the fix is in RHSA-2014:0460; for version 1.2.7, in RHSA-2014:0461. Users should upgrade to the fixed packages. [1][2]
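
A defender-side check for the condition described above, added here as an example; it is not taken from the advisory or from Red Hat's packages. The file path is supplied by the caller, and both the `password`/`psk` key pattern and the `chmod o-rwx` step are assumptions made for illustration; the advisory's fix remains the updated packages.

```shell
#!/bin/sh
# Added example: audit a config file for the CVE-2014-0164 condition
# (credentials stored in a file that any local user can read).
# The path is an argument; no default location is assumed.

# is_world_readable FILE -> exit 0 if the "other" read bit is set.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# has_secrets FILE -> exit 0 if an uncommented credential-like setting exists.
# The key pattern (password / psk) is an assumption; adjust it to the
# keys actually present in your configuration.
has_secrets() {
    grep -Eiq '^[[:space:]]*[^#]*(password|psk)[[:space:]]*=' "$1" 2>/dev/null
}

# audit_cfg FILE [--fix]
# Returns: 0 = not world-readable, 1 = world-readable (exposed),
#          2 = file missing, 3 = was exposed, "other" access removed.
audit_cfg() {
    cfg=$1; opt=${2:-}
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 2; }
    if ! is_world_readable "$cfg"; then
        echo "OK $cfg"; return 0
    fi
    if has_secrets "$cfg"; then
        detail="credential-like keys present"
    else
        detail="no credential-like keys matched"
    fi
    echo "EXPOSED $cfg ($detail)"
    if [ "$opt" = "--fix" ]; then
        # Assumed stop-gap: drop all access for "other" until the
        # fixed package is installed.
        chmod o-rwx "$cfg" && { echo "FIXED $cfg"; return 3; }
    fi
    return 1
}
```

Call `audit_cfg` with the location of client.cfg on the broker host. If the file was readable while the host had untrusted local users, treat the credentials in it as disclosed and rotate them.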

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Red Hat/Openshift (2 versions)
    • cpe:2.3:a:redhat:openshift:1.2.7:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*
  • Range: 1.2.7, 2.0.5

Patches

0

No patches discovered yet.

References

2
