Skip to main content

Openshift Origin

8 CVEs product

Monthly

CVE-2016-3711 LOW PATCH Monitor

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Openshift Openshift Origin
NVD GitHub
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-2160 HIGH PATCH This Week

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Openshift Origin Openshift
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2015-5250 Go MEDIUM PATCH This Month

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openshift Origin
NVD GitHub
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-3496 CRITICAL Act Now

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Openshift Openshift Origin
NVD GitHub
CVSS 2.0
10.0
EPSS
5.4%
CVE-2013-0164 LOW Monitor

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift Openshift Origin
NVD GitHub
CVSS 2.0
3.6
EPSS
0.1%
CVE-2012-5658 LOW Monitor

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift Openshift Origin
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5647 MEDIUM POC PATCH This Month

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Red Hat Open Redirect Openshift Openshift Origin
NVD GitHub
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-5646 HIGH This Week

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Information Disclosure Openshift Openshift Origin
NVD GitHub
CVSS 2.0
7.5
EPSS
0.9%
EPSS 0% CVSS 3.3
LOW PATCH Monitor

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Openshift +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Openshift Origin +1
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openshift Origin
NVD GitHub
EPSS 5% CVSS 10.0
CRITICAL Act Now

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Openshift +1
NVD GitHub
EPSS 0% CVSS 3.6
LOW Monitor

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift +1
NVD
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Red Hat Open Redirect +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Information Disclosure +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy