
54 matches found

Veracode
added 2019/05/02 5:34 a.m. · 29 views

Authorization Bypass

OpenShift is vulnerable to authorization bypass. The vulnerability exists as remotely authenticated users can access the Docker socket and gain additional privileges via build-pod...

8.8 CVSS · 8.6 AI score · 0.01941 EPSS
Exploits 0 · References 11 · Affected Software 2
Tenable Nessus
added 2018/12/04 12:0 a.m. · 25 views

RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1094)

"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1094 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private clo...

8.8 CVSS · 6.5 AI score · 0.01941 EPSS
Exploits 0 · References 14
RedHat Linux
added 2018/03/12 7:40 p.m. · 4 views

kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath

It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket...

9.6 CVSS · 7.2 AI score · 0.11586 EPSS
Exploits 2 · References 5
RedhatCVE
added 2018/03/12 4:19 p.m. · 49 views

CVE-2017-1002101

It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket...

9.6 CVSS · 1.4 AI score · 0.11586 EPSS
Exploits 2 · References 2
OSV
added 2017/04/04 12:59 a.m. · 2 views

CVE-2017-7412

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands...

7.8 CVSS · 5.5 AI score
Exploits 0 · References 3
Prion
added 2017/04/04 12:59 a.m. · 16 views

Command injection

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands...

7.2 CVSS · 7.6 AI score · 0.00363 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2017/04/04 12:0 a.m. · 18 views

CVE-2017-7412

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands...

7.7 AI score · 0.00363 EPSS
Exploits 0 · References 3
OSV
added 2016/06/08 5:59 p.m. · 3 views

CVE-2016-3738

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Prion
added 2016/06/08 5:59 p.m. · 19 views

Design/Logic Flaw

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod...

6.5 CVSS · 6.9 AI score · 0.01941 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2016/06/08 5:0 p.m. · 55 views

CVE-2016-3738

CVE-2016-3738 affects Red Hat OpenShift Enterprise 3.2, where the STI build process does not restrict access properly. This vulnerability allows remote authenticated users to access the Docker socket and escalate privileges via build-pod related vectors. The issue originates from insufficient acc...

8.8 CVSS · 8.3 AI score · 0.01941 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2016/06/08 12:0 a.m. · 5 views

PT-2016-5687 · Red Hat +1 · Red Hat Openshift Enterprise +1

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue is related to improper access restriction to STI builds, allowing remote authenticated users to access the Docker socket and gain privileges. This is achieved through vectors...

8.8 CVSS · 8.4 AI score · 0.01941 EPSS
Exploits 0 · References 2
RedHat Linux
added 2016/05/19 8:12 p.m. · 38 views

Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.2 security update

An update for atomic-openshift and nodejs-node-uuid is now available for Red Hat OpenShift Enterprise 3.2. In addition, all images have been rebuilt on the new RHEL 7.2.4 base image. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.8 CVSS · 6.6 AI score · 0.01941 EPSS
Exploits 0 · References 10
RedHat Linux
added 2016/05/19 8:12 p.m. · 7 views

origin: pod update allows docker socket access via build-pod

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...

8.8 CVSS · 5.7 AI score · 0.01941 EPSS
Exploits 0 · References 4
RedhatCVE
added 2016/05/19 3:48 p.m. · 32 views

CVE-2016-3738

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...

8.8 CVSS · 4.2 AI score · 0.01941 EPSS
Exploits 0 · References 1