Search Results (Refine Search)
- CPE Product Version: cpe:/a:redhat:openshift:3.7::~~enterprise~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-1102 |
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Published: April 30, 2018; 3:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-7534 |
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Published: April 11, 2018; 3:29:00 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1069 |
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. Published: March 09, 2018; 9:29:00 AM -0500 |
V3.0: 7.1 HIGH V2.0: 5.4 MEDIUM |