Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Openshift
Total 158 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3884 1 Redhat 1 Openshift 2023-03-03 5.0 MEDIUM 5.4 MEDIUM
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
CVE-2021-3697 2 Gnu, Redhat 12 Grub, Codeready Linux Builder, Developer Tools and 9 more 2023-02-23 4.4 MEDIUM 7.0 HIGH
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
CVE-2022-41731 2 Ibm, Redhat 2 Watson Knowledge Catalog On Cloud Pak For Data, Openshift 2023-02-21 N/A 9.8 CRITICAL
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.
CVE-2023-0296 1 Redhat 1 Openshift 2023-02-12 N/A 5.3 MEDIUM
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
CVE-2016-2142 1 Redhat 1 Openshift 2023-02-12 2.1 LOW 5.5 MEDIUM
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
CVE-2016-2149 1 Redhat 1 Openshift 2023-02-12 4.0 MEDIUM 6.5 MEDIUM
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
CVE-2013-2119 3 Phusion, Redhat, Ruby-lang 3 Passenger, Openshift, Ruby 2023-02-12 4.6 MEDIUM N/A
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
CVE-2013-0164 1 Redhat 2 Openshift, Openshift Origin 2023-02-12 3.6 LOW N/A
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2012-5646 1 Redhat 2 Openshift, Openshift Origin 2023-02-12 7.5 HIGH N/A
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
CVE-2015-5305 1 Redhat 1 Openshift 2023-02-12 6.4 MEDIUM N/A
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
CVE-2015-5274 1 Redhat 1 Openshift 2023-02-12 6.5 MEDIUM N/A
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
CVE-2015-5222 1 Redhat 1 Openshift 2023-02-12 8.5 HIGH N/A
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
CVE-2014-3681 2 Jenkins, Redhat 2 Jenkins, Openshift 2023-02-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3662 2 Jenkins, Redhat 2 Jenkins, Openshift 2023-02-12 5.0 MEDIUM N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
CVE-2014-3680 2 Jenkins, Redhat 2 Jenkins, Openshift 2023-02-12 4.0 MEDIUM N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
CVE-2014-3674 1 Redhat 1 Openshift 2023-02-12 7.5 HIGH N/A
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
CVE-2014-3661 2 Jenkins, Redhat 2 Jenkins, Openshift 2023-02-12 5.0 MEDIUM N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
CVE-2014-3663 2 Jenkins, Redhat 2 Jenkins, Openshift 2023-02-12 6.0 MEDIUM N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
CVE-2014-3667 2 Jenkins, Redhat 2 Jenkins, Openshift 2023-02-12 4.0 MEDIUM N/A
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
CVE-2014-3664 2 Jenkins, Redhat 2 Jenkins, Openshift 2023-02-12 4.0 MEDIUM N/A
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.