Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): OpenShift
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-1103 |
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. Published: June 12, 2018; 11:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-1070 |
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard. Published: June 12, 2018; 9:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-1102 |
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Published: April 30, 2018; 3:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-9592 |
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit. Published: April 16, 2018; 11:29:00 AM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-7534 |
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Published: April 11, 2018; 3:29:00 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1069 |
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. Published: March 09, 2018; 9:29:00 AM -0500 |
V3.0: 7.1 HIGH V2.0: 5.4 MEDIUM |
CVE-2013-4364 |
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. Published: January 08, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2015-7501 |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. Published: November 09, 2017; 12:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2015-0238 |
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. Published: September 25, 2017; 9:29:00 PM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2015-7561 |
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. Published: August 07, 2017; 1:29:00 PM -0400 |
V3.0: 3.1 LOW V2.0: 3.5 LOW |
CVE-2016-5409 |
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. Published: April 20, 2017; 1:59:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5392 |
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list. Published: August 05, 2016; 11:59:08 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2015-8945 |
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. Published: August 05, 2016; 11:59:00 AM -0400 |
V3.0: 5.1 MEDIUM V2.0: 1.9 LOW |
CVE-2016-3738 |
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. Published: June 08, 2016; 1:59:07 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-3711 |
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. Published: June 08, 2016; 1:59:06 PM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-3708 |
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. Published: June 08, 2016; 1:59:05 PM -0400 |
V3.0: 7.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2016-3703 |
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. Published: June 08, 2016; 1:59:04 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 3.5 LOW |
CVE-2016-2160 |
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Published: June 08, 2016; 1:59:03 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2016-2149 |
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. Published: June 08, 2016; 1:59:01 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-2142 |
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. Published: June 08, 2016; 1:59:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |