Total
158 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3602 | 1 Redhat | 1 Openshift | 2023-02-12 | 2.1 LOW | N/A |
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | |||||
CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2023-02-12 | 10.0 HIGH | N/A |
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | |||||
CVE-2014-0234 | 1 Redhat | 1 Openshift | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | |||||
CVE-2014-0233 | 1 Redhat | 1 Openshift | 2023-02-12 | 6.5 MEDIUM | N/A |
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | |||||
CVE-2014-0188 | 1 Redhat | 1 Openshift | 2023-02-12 | 7.5 HIGH | N/A |
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | |||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
mcollective has a default password set at install | |||||
CVE-2014-0164 | 1 Redhat | 1 Openshift | 2023-02-12 | 2.1 LOW | N/A |
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | |||||
CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | |||||
CVE-2013-0165 | 1 Redhat | 1 Openshift | 2023-02-12 | 7.5 HIGH | 7.3 HIGH |
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | |||||
CVE-2012-5622 | 1 Redhat | 1 Openshift | 2023-02-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | |||||
CVE-2021-4047 | 1 Redhat | 1 Openshift | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | |||||
CVE-2020-1707 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2020-1709 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2019-19355 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | |||||
CVE-2019-19335 | 1 Redhat | 1 Openshift | 2023-02-12 | 2.1 LOW | 4.4 MEDIUM |
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. | |||||
CVE-2019-19351 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.4 MEDIUM | 7.0 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | |||||
CVE-2019-19345 | 1 Redhat | 1 Openshift | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2019-14845 | 1 Redhat | 1 Openshift | 2023-02-12 | 2.9 LOW | 5.3 MEDIUM |
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. | |||||
CVE-2018-1102 | 1 Redhat | 1 Openshift | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | |||||
CVE-2017-15137 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2023-02-12 | 5.0 MEDIUM | 5.3 MEDIUM |
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed. |