Skip to main content

Openshift

99 CVEs product

Monthly

CVE-2025-14512 MEDIUM PATCH This Month

Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when processing malicious filesystem attribute values over the network. The vulnerability affects GLib across GNOME, Red Hat Enterprise Linux 7-10, and OpenShift 4.0+, requiring only unauthenticated network access and user interaction. EPSS score of 0.07% (percentile 22) indicates low exploitation probability despite CVSS 6.5, suggesting the attack requires specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) confirmed at analysis time.

Integer Overflow Buffer Overflow Glib Openshift Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-45777 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Grub2 Openshift Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-12085 HIGH POC PATCH THREAT Act Now

A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Information Disclosure Rsync Openshift Openshift Container Platform Enterprise Linux +17
NVD GitHub
CVSS 3.1
7.5
EPSS
19.1%
CVE-2024-1485 Go HIGH PATCH This Week

A flaw was found in the decompression function of registry-support. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Registry Support Openshift Openshift Developer Tools And Services
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2023-0229 Go MEDIUM PATCH This Month

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-0296 MEDIUM This Month

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-3259 HIGH This Week

Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-3262 HIGH This Week

A flaw was found in Openshift. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-3260 MEDIUM POC This Month

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openshift
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-2403 MEDIUM PATCH This Month

A credentials leak was found in the OpenShift Container Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openshift
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3636 MEDIUM POC This Month

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-10715 MEDIUM PATCH This Month

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Openshift
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-1759 MEDIUM PATCH This Month

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Ceph Storage Openshift Openstack +2
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2020-1709 HIGH This Week

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openshift
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-1707 HIGH This Week

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation PostgreSQL Openshift
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2019-14845 MEDIUM This Month

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Openshift
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-6648 MEDIUM This Month

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat Container Ingress Service Openshift
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-3884 MEDIUM This Month

A vulnerability exists in the garbage collection mechanism of atomic-openshift. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openshift
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-14645 HIGH This Week

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Haproxy Ubuntu Linux +3
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-10875 PyPI HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage Gluster Storage Openshift +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-10885 HIGH This Week

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openshift
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1257 Maven MEDIUM PATCH This Month

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Spring Framework Openshift Agile Product Lifecycle Management +27
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2018-1102 HIGH PATCH This Week

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openshift
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1059 MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage Enterprise Linux Fast Datapath Openshift +5
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1069 HIGH This Week

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. Rated high severity (CVSS 7.1). No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD
CVSS 3.0
7.1
EPSS
0.6%
CVE-2015-7501 Maven CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java Red Hat Data Grid +14
NVD
CVSS 3.0
9.8
EPSS
71.5%
Threat
4.1
CVE-2015-0238 LOW Monitor

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2015-7561 Go LOW PATCH Monitor

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Kubernetes Privilege Escalation Openshift
NVD GitHub
CVSS 3.0
3.1
EPSS
0.2%
CVE-2017-1000376 HIGH This Week

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Enterprise Virtualization Server Openshift Enterprise Linux +3
NVD
CVSS 3.1
7.0
EPSS
2.4%
CVE-2016-5409 HIGH This Week

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-5418 HIGH POC PATCH This Week

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +6
NVD GitHub
CVSS 3.0
7.5
EPSS
5.2%
CVE-2016-5766 HIGH POC PATCH THREAT Act Now

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Integer Overflow Denial Of Service PHP Buffer Overflow Openshift +5
NVD GitHub
CVSS 3.0
8.8
EPSS
16.2%
CVE-2016-5392 MEDIUM This Month

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2074 CRITICAL PATCH Act Now

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Openvswitch Openshift
NVD
CVSS 3.0
9.8
EPSS
7.5%
CVE-2016-3738 HIGH This Week

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Red Hat Privilege Escalation Openshift
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-3711 LOW PATCH Monitor

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Openshift Openshift Origin
NVD GitHub
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-3708 HIGH This Week

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-3703 MEDIUM This Month

Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-2160 HIGH PATCH This Week

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Openshift Origin Openshift
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-2149 MEDIUM This Month

Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2142 MEDIUM This Month

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-3727 Maven MEDIUM PATCH This Month

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-3726 Maven HIGH PATCH This Week

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Jenkins Openshift
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2016-3725 Maven MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Denial Of Service Privilege Escalation Openshift
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-3724 Maven MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-3723 Maven MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-3722 Maven MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Denial Of Service Privilege Escalation Openshift
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-3721 Maven MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Code Injection Openshift
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2015-7528 Go MEDIUM PATCH This Month

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Kubernetes Information Disclosure Openshift
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-0792 Maven HIGH POC PATCH THREAT Act Now

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

RCE Jenkins Openshift
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
90.9%
Threat
6.0
CVE-2016-0791 Maven CRITICAL PATCH Act Now

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-0790 Maven MEDIUM PATCH This Month

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-0789 Maven MEDIUM PATCH This Month

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jenkins Code Injection Openshift
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-0788 Maven CRITICAL PATCH Act Now

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.4%.

Jenkins RCE Privilege Escalation Openshift
NVD
CVSS 3.0
9.8
EPSS
37.4%
CVE-2015-7539 Maven HIGH PATCH This Week

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Jenkins Openshift
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-7538 Maven HIGH PATCH This Week

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Jenkins Openshift
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-7537 Maven HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Jenkins Openshift
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2015-5254 Maven CRITICAL PATCH Act Now

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 80.4%.

RCE Java Apache Openshift Activemq +1
NVD
CVSS 3.0
9.8
EPSS
80.4%
Threat
4.4
CVE-2015-5326 Maven MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-5325 Maven HIGH PATCH This Week

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Authentication Bypass Openshift
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2015-5324 Maven MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-5323 Maven MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-5322 Maven MEDIUM PATCH This Month

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Openshift
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5321 Maven MEDIUM PATCH This Month

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5320 Maven MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5319 Maven MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Jenkins Openshift
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-5318 Maven MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Openshift
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-5305 Go MEDIUM PATCH This Month

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Red Hat Openshift
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-1814 Maven HIGH PATCH This Week

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-1813 Maven MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1812 Maven MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1810 Maven MEDIUM PATCH This Month

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
4.6
EPSS
0.4%
CVE-2015-1808 Maven LOW PATCH Monitor

Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Jenkins Openshift
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1807 LOW Monitor

Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Jenkins Openshift
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-1806 Maven MEDIUM PATCH This Month

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins RCE Privilege Escalation Openshift
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-5274 MEDIUM This Month

rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Red Hat Openshift
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-5222 HIGH This Week

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
CVSS 2.0
8.5
EPSS
0.5%
CVE-2014-0233 MEDIUM POC This Month

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Red Hat Openshift
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-3674 HIGH This Week

Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3602 LOW Monitor

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-3680 Maven MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-3667 Maven MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-3666 Maven HIGH PATCH This Week

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Jenkins Code Injection Openshift
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-3663 Maven MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-3662 Maven MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-3661 Maven MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Jenkins Openshift
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3681 Maven MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3664 Maven MEDIUM PATCH This Month

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Openshift
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3496 CRITICAL Act Now

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Openshift Openshift Origin
NVD GitHub
CVSS 2.0
10.0
EPSS
5.4%
CVE-2014-0164 LOW Monitor

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD VulDB
CVSS 2.0
2.1
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when processing malicious filesystem attribute values over the network. The vulnerability affects GLib across GNOME, Red Hat Enterprise Linux 7-10, and OpenShift 4.0+, requiring only unauthenticated network access and user interaction. EPSS score of 0.07% (percentile 22) indicates low exploitation probability despite CVSS 6.5, suggesting the attack requires specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) confirmed at analysis time.

Integer Overflow Buffer Overflow Glib +2
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Grub2 +2
NVD
EPSS 19% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Information Disclosure Rsync Openshift +19
NVD GitHub
EPSS 2% CVSS 8.0
HIGH PATCH This Week

A flaw was found in the decompression function of registry-support. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Registry Support Openshift +1
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
EPSS 1% CVSS 7.4
HIGH This Week

Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openshift
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A flaw was found in Openshift. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openshift
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A credentials leak was found in the OpenShift Container Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openshift
NVD
EPSS 0% CVSS 4.6
MEDIUM POC This Month

It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openshift
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Openshift
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Ceph Storage +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openshift
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation PostgreSQL Openshift
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Openshift
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Red Hat +2
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability exists in the garbage collection mechanism of atomic-openshift. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openshift
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage +8
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openshift
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Spring Framework +29
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openshift
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage +7
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. Rated high severity (CVSS 7.1). No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD
EPSS 71% 4.1 CVSS 9.8
CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java +16
NVD
EPSS 0% CVSS 3.3
LOW Monitor

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Information Disclosure +1
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Kubernetes Privilege Escalation Openshift
NVD GitHub
EPSS 2% CVSS 7.0
HIGH This Week

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Enterprise Virtualization Server +5
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Enterprise Linux Desktop Enterprise Linux Hpc Node +8
NVD GitHub
EPSS 16% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Integer Overflow Denial Of Service PHP +7
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Red Hat Information Disclosure +1
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Openvswitch +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Red Hat Privilege Escalation +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Openshift +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Openshift Origin +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Jenkins Openshift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Code Injection Openshift
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Kubernetes Information Disclosure Openshift
NVD GitHub
EPSS 91% 6.0 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

RCE Jenkins Openshift
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF Jenkins Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jenkins Code Injection Openshift
NVD
EPSS 37% CVSS 9.8
CRITICAL PATCH Act Now

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.4%.

Jenkins RCE Privilege Escalation +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Jenkins Openshift
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Jenkins Openshift
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Jenkins Openshift
NVD
EPSS 80% 4.4 CVSS 9.8
CRITICAL PATCH Act Now

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 80.4%.

RCE Java Apache +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Authentication Bypass Openshift
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation Openshift
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation Openshift
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Openshift
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Jenkins Openshift
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Openshift
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Red Hat +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation Openshift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Openshift
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Jenkins Openshift
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Jenkins Openshift
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins RCE Privilege Escalation +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Red Hat Openshift
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Red Hat +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Jenkins Code Injection +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Openshift
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Openshift
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Jenkins Openshift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jenkins Openshift
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Openshift +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD VulDB
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy