CVE-2016-5392

medium

Published 2016-08-05 · Modified 2026-05-06

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

6.8

VIR risk

6.5

Description

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://access.redhat.com/errata/RHSA-2016:1427

Application impact

Vendor	Product	Versions	Fixed
redhat	openshift	`3.2`

References

http://www.securityfocus.com/bid/91793
https://access.redhat.com/errata/RHSA-2016:1427
https://bugzilla.redhat.com/show_bug.cgi?id=1356195
http://www.securityfocus.com/bid/91793
https://access.redhat.com/errata/RHSA-2016:1427
https://bugzilla.redhat.com/show_bug.cgi?id=1356195

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.