108 matches found
2.2: API command injection vulnerability
A command injection flaw was found in the OpenShift Origin Management Console. A remote, authenticated user permitted to send requests to the Broker could use this flaw to execute arbitrary commands with elevated privileges on the Red Hat OpenShift server...
Red Hat OpenShift Origin API Server Denial of Service Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...
CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...
CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...
PT-2015-6816 · Red Hat · Openshift Origin
Name of the Vulnerable Software and Affected Versions: OpenShift Origin version 1.0.5 Description: The issue allows remote attackers to cause a denial of service, resulting in a master process crash, via crafted JSON data sent to the API server. Recommendations: For OpenShift Origin version 1.0.5...
CVE-2014-0233
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...
Design/Logic Flaw
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...
PT-2014-3550 · Red Hat · Openshift Origin +1
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise versions 2.0 through 2.1 OpenShift Origin affected versions not specified Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is...
Design/Logic Flaw
cartridgerepository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a 1 .tar.gz, 2 .zip, 3 .tgz, or 4 .tar file extension in a cartridge manifest file...
Critical: Red Hat Security Advisory: rubygem-openshift-origin-node security update
An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.6. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Critical: Red Hat Security Advisory: rubygem-openshift-origin-node security update
An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.8. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
rubygem-openshift-origin-node: cron.daily/cron.weekly denial of service
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...
mcollective: world readable client config
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
Authentication flaw
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...
CVE-2014-0188
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...
CVE-2013-0164
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
CVE-2012-5658
OpenShift Origin before 1.1 is vulnerable: when running rhc-chk.rb with -d (debug mode), it writes passwords and other sensitive information in cleartext (e.g., in logs or support channels). The root cause is that the rhc-chk output is not redacted in debug mode. Red Hat’s RHSA-2013-0220 confirms...
CVE-2012-5658
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d debug mode is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...
CVE-2013-0164
Affected product: Red Hat OpenShift Origin before 1.1. The CVE-2013-0164 issue resides in the lockwrap function of port-proxy/bin/openshift-port-proxy-cfg, which creates a temporary file in /tmp insecurely. This allows local users to overwrite arbitrary files via a symlink attack on a predictable...
Design/Logic Flaw
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...