CVSS v2 base score: 7.5 (High)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS score: 0.084 (Low), percentile 93.4%
OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)
solution from Red Hat, and is designed for on-premise or private cloud
deployments.
A flaw was found in the way ruby193-rubygem-rack handled request paths when
serving static files (Rack::File). A remote attacker could use this flaw to
conduct a directory traversal attack by sending malformed requests and read
files outside the intended document root. (CVE-2013-0262)
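The path check below is an added example written for this page, not Rack's own code or the patch shipped in this update. It shows the class of guard a static-file handler needs against the traversal described above: decode the request path, reject any `..` segment, and confirm with the filesystem's real path that the final target still lies under the document root (so a symlink inside the root cannot reach outside it). The document root, the files, and the request paths are constructed fixtures.

```ruby
# Added example (not Rack's code): a static-file path guard of the kind
# needed against the directory traversal described for CVE-2013-0262.
# The document root, files and request paths are constructed fixtures.
require "fileutils"
require "tmpdir"

module SafeFile
  # Return the absolute path under +root+ for +path_info+, or nil when the
  # request escapes the document root. Works on the percent-decoded path,
  # rejects any ".." segment, then confirms with the real (symlink-resolved)
  # path that the target is still inside root.
  def self.resolve(root, path_info)
    root = File.realpath(root)
    # Decode percent-escapes first: "%2e%2e" must not slip past the check.
    decoded = path_info.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
    parts = decoded.split("/").reject { |p| p.empty? || p == "." }
    return nil if parts.include?("..")
    candidate = File.join(root, *parts)
    return nil unless File.file?(candidate)
    real = File.realpath(candidate)
    return nil unless real.start_with?(root + "/")
    real
  end
end

# Build a throwaway document root holding one public file plus a symlink
# that points at a file outside the root (constructed fixture).
def with_fixture
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "public")
    FileUtils.mkdir_p(root)
    File.write(File.join(root, "index.html"), "hello")
    File.write(File.join(tmp, "secret.txt"), "top secret")
    File.symlink(File.join(tmp, "secret.txt"), File.join(root, "link"))
    yield root
  end
end

# Exercise the guard with a legitimate request and three escape attempts;
# each value is true when the guard behaved correctly.
def traversal_results
  with_fixture do |root|
    {
      normal:  !SafeFile.resolve(root, "/index.html").nil?,
      dotdot:  SafeFile.resolve(root, "/../secret.txt").nil?,
      encoded: SafeFile.resolve(root, "/%2e%2e/secret.txt").nil?,
      symlink: SafeFile.resolve(root, "/link").nil?,
    }
  end
end

if __FILE__ == $0
  traversal_results.each { |name, ok| puts "#{name}: #{ok ? 'ok' : 'FAIL'}" }
end
```

Rejecting symlinks that resolve outside the root is a policy choice made here for the example; a handler that must serve such links would need an explicit allow-list instead of the realpath prefix check.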
A timing attack flaw was found in the way rubygem-rack and
ruby193-rubygem-rack compared HMAC digests in session cookies
(Rack::Session::Cookie): the comparison stopped at the first mismatching
byte, so response time leaked how much of a guessed digest was correct. An
attacker could use this to forge a valid digest and bypass authentication
checks. (CVE-2013-0263)
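The block below is an added example for this page, not Rack's code or the fix shipped in this update. It signs a session cookie with an HMAC and shows the weak verification (plain `==`, which returns at the first mismatching byte) beside a constant-time comparison that touches every byte regardless of where the mismatch is, which is the class of fix for the timing attack described above. The secret key and cookie payloads are constructed for illustration.

```ruby
# Added example (not Rack's code): HMAC-signed session cookie with a
# byte-by-byte early-exit comparison (vulnerable) and a constant-time
# comparison (fixed). Secret and payloads are constructed for illustration.
require "openssl"

SECRET = "constructed-demo-secret-do-not-reuse"  # assumption: server-side key

def hmac_hex(payload, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
end

# Cookie format used here: base64(payload) + "--" + hex HMAC.
def sign(payload, secret = SECRET)
  "#{[payload].pack("m0")}--#{hmac_hex(payload, secret)}"
end

def split_cookie(cookie)
  data, digest = cookie.split("--", 2)
  return nil unless data && digest
  [data.unpack1("m0"), digest]
rescue ArgumentError   # malformed base64
  nil
end

# Vulnerable form: String#== returns at the first differing byte, so the
# time taken leaks how many leading bytes of a forged digest are right.
def verify_naive(cookie, secret = SECRET)
  parsed = split_cookie(cookie)
  return nil unless parsed
  payload, digest = parsed
  digest == hmac_hex(payload, secret) ? payload : nil
end

# Fixed form: length check, then OR together the XOR of every byte pair so
# the work done does not depend on where the first mismatch is.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack("C*")
  acc = 0
  b.each_byte { |byte| acc |= byte ^ left.shift }
  acc == 0
end

def verify_secure(cookie, secret = SECRET)
  parsed = split_cookie(cookie)
  return nil unless parsed
  payload, digest = parsed
  secure_compare(digest, hmac_hex(payload, secret)) ? payload : nil
end

# Forge a cookie for a different payload while reusing the old digest; both
# verifiers must reject it, the difference is only in what timing reveals.
def forge(cookie, new_payload)
  _, digest = cookie.split("--", 2)
  "#{[new_payload].pack("m0")}--#{digest}"
end

if __FILE__ == $0
  cookie = sign("user=alice")
  puts "genuine: #{verify_secure(cookie).inspect}"
  puts "forged:  #{verify_secure(forge(cookie, 'user=admin')).inspect}"
end
```

Newer Ruby releases ship `OpenSSL.fixed_length_secure_compare`, which does the same job as the hand-written `secure_compare` above; the point of writing it out is to show what "constant-time" means at the byte level.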
It was found that Jenkins did not protect against Cross-Site Request
Forgery (CSRF) attacks. If a remote attacker could trick a user who was
logged into Jenkins into visiting a specially crafted URL, the attacker
could perform operations in Jenkins with that user's privileges.
(CVE-2013-0327, CVE-2013-0329)
A cross-site scripting (XSS) flaw was found in Jenkins. A remote attacker
could use this flaw to conduct an XSS attack against users of Jenkins.
(CVE-2013-0328)
A flaw in Jenkins could allow an authenticated user to build jobs they do
not have permission to build. (CVE-2013-0330)
A flaw in Jenkins could allow a user who is able to supply a specially
crafted payload to cause a denial of service. (CVE-2013-0331)
Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.2. It is
recommended that you restart your system after applying this update.
OS | OS version | Architecture | Package | Affected versions | Fixed package |
---|---|---|---|---|---|
RedHat | 6 | src | ruby193-rubygem-rack | < 1.4.1-4.el6 | ruby193-rubygem-rack-1.4.1-4.el6.src.rpm |
RedHat | 6 | noarch | ruby193-rubygem-rack | < 1.4.1-4.el6 | ruby193-rubygem-rack-1.4.1-4.el6.noarch.rpm |
RedHat | 6 | src | rubygem-rack | < 1.3.0-4.el6op | rubygem-rack-1.3.0-4.el6op.src.rpm |
RedHat | 6 | noarch | rubygem-rack | < 1.3.0-4.el6op | rubygem-rack-1.3.0-4.el6op.noarch.rpm |
RedHat | 6 | src | jenkins | < 1.502-1.el6op | jenkins-1.502-1.el6op.src.rpm |
RedHat | 6 | noarch | jenkins | < 1.502-1.el6op | jenkins-1.502-1.el6op.noarch.rpm |
RedHat | 6 | src | openshift-origin-cartridge-jenkins-1.4 | < 1.0.3-1.el6op | openshift-origin-cartridge-jenkins-1.4-1.0.3-1.el6op.src.rpm |
RedHat | 6 | noarch | openshift-origin-cartridge-jenkins-1.4 | < 1.0.3-1.el6op | openshift-origin-cartridge-jenkins-1.4-1.0.3-1.el6op.noarch.rpm |
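The script below is an added example, not Red Hat tooling, for checking a host against the fixed versions in the table above. It takes a package listing in the shape produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` (the listing here is a constructed stand-in) and reports which packages are still older than the fixed version. The version comparison is a simplified `rpmvercmp` that handles the plain numeric and alphabetic segments in these version strings but not the `~` and `^` ordering rules of real rpm.

```ruby
# Added example (not Red Hat tooling): flag installed packages older than
# the fixed versions from the advisory table. The installed-package list is
# a constructed stand-in for rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'.

# Fixed version-release per package, taken from the table above.
FIXED = {
  "ruby193-rubygem-rack"                   => "1.4.1-4.el6",
  "rubygem-rack"                           => "1.3.0-4.el6op",
  "jenkins"                                => "1.502-1.el6op",
  "openshift-origin-cartridge-jenkins-1.4" => "1.0.3-1.el6op",
}

# Split "4.el6op" into ["4", "el", "6", "op"]: runs of digits or letters.
def segments(s)
  s.scan(/\d+|[a-zA-Z]+/)
end

# Simplified rpmvercmp for a version or release string: numeric segments
# compare numerically, alphabetic ones lexically, numeric beats alphabetic,
# and when one string is a prefix of the other the longer one is newer.
# Real rpm additionally orders "~" and "^" segments; those are not handled.
def rpmvercmp(a, b)
  sa, sb = segments(a), segments(b)
  sa.zip(sb).each do |x, y|
    return 1 if y.nil?
    xn = x.match?(/\A\d+\z/)
    yn = y.match?(/\A\d+\z/)
    c = if xn && yn then x.to_i <=> y.to_i
        elsif xn    then 1
        elsif yn    then -1
        else             x <=> y
        end
    return c unless c == 0
  end
  sa.size <=> sb.size
end

# Compare "VERSION-RELEASE" strings: version first, release as tie-breaker.
def evr_cmp(a, b)
  va, ra = a.split("-", 2)
  vb, rb = b.split("-", 2)
  c = rpmvercmp(va, vb)
  c == 0 ? rpmvercmp(ra.to_s, rb.to_s) : c
end

# Constructed listing: two packages behind the fix, two at the fix, one
# unrelated package.
INSTALLED = <<~LIST
  ruby193-rubygem-rack 1.4.1-3.el6
  rubygem-rack 1.3.0-4.el6op
  jenkins 1.480-2.el6op
  openshift-origin-cartridge-jenkins-1.4 1.0.3-1.el6op
  bash 4.1.2-14.el6
LIST

# Names of installed packages whose version-release is below the fix.
def vulnerable_packages(listing = INSTALLED, fixed = FIXED)
  listing.each_line.map do |line|
    name, evr = line.split
    next unless name && evr && fixed[name]
    name if evr_cmp(evr, fixed[name]) < 0
  end.compact
end

if __FILE__ == $0
  puts "still affected: #{vulnerable_packages.join(', ')}"
end
```

On a real host, pipe the rpm query into the script instead of the constructed listing; the `.el6` versus `.el6op` release suffixes in the table are compared as plain alphabetic segments here, which is sufficient because each package is checked only against its own fixed string.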