OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients, exposing internal implementation details (error text, paths, library and stack information carried in the exception message) to any caller who could trigger an error. Additionally, login token material was exposed in UI/rendered responses and in token rotation output, so a token could be read from page content or from the rotation response rather than being confined to the transport intended for it.
This issue has been patched in version 1.6.3-alpha.
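The two exposure patterns described above, shown side by side with a hardened form. This is an added, illustrative example written for this page; it is not OpenSift's code and does not reproduce the project's actual endpoints. The `SearchBackend` stub, the index path, the handler names and the cookie name are all constructed for the example. The hardened handlers log the full exception server-side under a correlation reference and return only a generic message, and the hardened rotation puts the new token in an HttpOnly cookie while the rendered body carries only a short fingerprint.

```python
import hashlib
import logging
import secrets
import uuid

log = logging.getLogger("example.opensift")


class SearchBackend:
    """Constructed stand-in for a semantic-search index; it always fails so the
    error paths below are exercised. The path is an assumption for the example."""

    def __init__(self, index_path: str) -> None:
        self.index_path = index_path

    def query(self, text: str) -> list:
        if not text.strip():
            raise ValueError(f"empty query against index at {self.index_path}")
        raise FileNotFoundError(f"index file missing: {self.index_path}")


def search_vulnerable(backend: SearchBackend, text: str) -> dict:
    """Pre-fix pattern: the raw exception string goes straight to the client."""
    try:
        return {"ok": True, "results": backend.query(text)}
    except Exception as exc:
        # Leaks whatever the exception message carried: filesystem paths,
        # library names, sometimes fragments of data or configuration.
        return {"ok": False, "error": str(exc)}


def search_hardened(backend: SearchBackend, text: str) -> dict:
    """Hardened pattern: generic message to the client, details stay in the log."""
    try:
        return {"ok": True, "results": backend.query(text)}
    except Exception:
        ref = uuid.uuid4().hex[:12]  # correlation id an operator can grep for
        log.exception("search failed, ref=%s", ref)  # full traceback, server-side only
        return {"ok": False, "error": "search failed", "ref": ref}


def _new_token() -> str:
    # 32 random bytes, URL-safe; a plausible opaque login token (assumption).
    return secrets.token_urlsafe(32)


def rotate_token_vulnerable(session: dict) -> dict:
    """Pre-fix pattern: the freshly rotated token is rendered into the page body,
    where it also ends up in caches, logs and screenshots."""
    new = _new_token()
    session["token"] = new
    return {"headers": {}, "body": f"Token rotated. New token: {new}"}


def rotate_token_hardened(session: dict) -> dict:
    """Hardened pattern: the token travels only in an HttpOnly cookie; the
    rendered body shows a fingerprint so a user can still confirm rotation."""
    new = _new_token()
    session["token"] = new
    fingerprint = hashlib.sha256(new.encode()).hexdigest()[:8]
    return {
        "headers": {"Set-Cookie": f"session={new}; HttpOnly; Secure; SameSite=Strict"},
        "body": f"Token rotated (fingerprint {fingerprint}).",
    }


if __name__ == "__main__":
    backend = SearchBackend("/srv/opensift/index.faiss")  # constructed path
    print("vulnerable:", search_vulnerable(backend, "neural nets"))
    print("hardened:  ", search_hardened(backend, "neural nets"))
    sess = {}
    print("vulnerable:", rotate_token_vulnerable(sess)["body"])
    print("hardened:  ", rotate_token_hardened(sess)["body"])
```

A quick check that the fix holds is to assert, in the project's tests, that the serialized error response never contains the index path or exception class name, and that the rendered rotation body never contains the session token value; both checks are cheap and catch regressions when a new endpoint copies the old handler shape.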
Attack Parameters
Attack Vector: Network (exploitable remotely)
Attack Complexity: Low (easy to exploit)
Privileges Required: None (no privileges needed)
User Interaction: None (no user action required)
Impact Assessment
Confidentiality: Low (partial data leak)
Integrity: None (no data modification)
Availability: None (no disruption of service)
CVSS Vector v3.1
Weakness Type (CWE)
References (source: security-advisories@github.com)
https://github.com/OpenSift/OpenSift/commit/1126e0a503876056a68a434e19f64158a5a…
https://github.com/OpenSift/OpenSift/commit/de99b9c
https://github.com/OpenSift/OpenSift/pull/67
https://github.com/OpenSift/OpenSift/releases/tag/v1.6.3-alpha
https://github.com/OpenSift/OpenSift/security/advisories/GHSA-667g-rvcj-w976