Skip to main content

Openshift

99 CVEs product

Monthly

CVE-2014-0188 HIGH This Week

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-1869 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Openshift Zeroclipboard
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2119 Ruby MEDIUM PATCH This Month

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config". Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Passenger Openshift
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-2186 Maven HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
7.5
EPSS
87.1%
Threat
4.1
CVE-2013-0164 LOW Monitor

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift Openshift Origin
NVD GitHub
CVSS 2.0
3.6
EPSS
0.1%
CVE-2012-5658 LOW Monitor

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift Openshift Origin
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5647 MEDIUM POC PATCH This Month

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Red Hat Open Redirect Openshift Openshift Origin
NVD GitHub
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-5646 HIGH This Week

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Information Disclosure Openshift Openshift Origin
NVD GitHub
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-5622 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Openshift
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Openshift Zeroclipboard
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config". Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Passenger +1
NVD
EPSS 87% 4.1 CVSS 7.5
HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure +5
NVD
EPSS 0% CVSS 3.6
LOW Monitor

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift +1
NVD
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Red Hat Open Redirect +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Openshift
NVD GitHub
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy