Lucene search
K

108 matches found

RedHat Linux
RedHat Linux
added 2015/09/16 7:6 p.m.3 views

2.2: API command injection vulnerability

A command injection flaw was found in the OpenShift Origin Management Console. A remote, authenticated user permitted to send requests to the Broker could use this flaw to execute arbitrary commands with elevated privileges on the Red Hat OpenShift server...

6.5CVSS6AI score0.0209EPSS
Exploits0References4
CNVD
CNVD
added 2015/09/10 12:0 a.m.4 views

Red Hat OpenShift Origin API Server Denial of Service Vulnerability

Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...

4CVSS6.8AI score0.01952EPSS
Exploits0References1
NVD
NVD
added 2015/09/08 3:59 p.m.33 views

CVE-2015-5250

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...

4CVSS6.4AI score0.01952EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/09/08 3:0 p.m.36 views

CVE-2015-5250

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...

6.4AI score0.01952EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2015/09/08 12:0 a.m.4 views

PT-2015-6816 · Red Hat · Openshift Origin

Name of the Vulnerable Software and Affected Versions: OpenShift Origin version 1.0.5 Description: The issue allows remote attackers to cause a denial of service, resulting in a master process crash, via crafted JSON data sent to the API server. Recommendations: For OpenShift Origin version 1.0.5...

4.3CVSS7.5AI score0.01952EPSS
Exploits0References10
NVD
NVD
added 2014/11/16 11:59 a.m.29 views

CVE-2014-0233

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...

6.5CVSS7.2AI score0.01734EPSS
Exploits1References3
Prion
Prion
added 2014/11/16 11:59 a.m.25 views

Design/Logic Flaw

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...

6.5CVSS7.7AI score0.01734EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2014/11/16 12:0 a.m.7 views

PT-2014-3550 · Red Hat · Openshift Origin +1

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise versions 2.0 through 2.1 OpenShift Origin affected versions not specified Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is...

6.5CVSS6.8AI score0.01734EPSS
Exploits1References4
Prion
Prion
added 2014/06/20 2:55 p.m.28 views

Design/Logic Flaw

cartridgerepository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a 1 .tar.gz, 2 .zip, 3 .tgz, or 4 .tar file extension in a cartridge manifest file...

10CVSS8.1AI score0.05085EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2014/06/18 7:59 p.m.31 views

Critical: Red Hat Security Advisory: rubygem-openshift-origin-node security update

An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.6. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS6.1AI score0.05085EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/06/18 7:39 p.m.34 views

Critical: Red Hat Security Advisory: rubygem-openshift-origin-node security update

An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.8. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS6.1AI score0.05085EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/05/14 12:0 a.m.3 views

rubygem-openshift-origin-node: cron.daily/cron.weekly denial of service

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...

5.5CVSS6.3AI score0.00311EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/05/01 7:2 p.m.4 views

mcollective: world readable client config

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...

2.1CVSS5.8AI score0.00383EPSS
Exploits0References4
Prion
Prion
added 2014/04/24 2:55 p.m.21 views

Authentication flaw

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...

7.5CVSS7.5AI score0.01667EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/04/24 2:0 p.m.40 views

CVE-2014-0188

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...

6.9AI score0.01667EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2013/02/24 10:55 p.m.4 views

CVE-2013-0164

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

3.6CVSS5.6AI score0.00365EPSS
Exploits0References7
CVE
CVE
added 2013/02/24 10:0 p.m.85 views

CVE-2012-5658

OpenShift Origin before 1.1 is vulnerable: when running rhc-chk.rb with -d (debug mode), it writes passwords and other sensitive information in cleartext (e.g., in logs or support channels). The root cause is that the rhc-chk output is not redacted in debug mode. Red Hat’s RHSA-2013-0220 confirms...

2.1CVSS6.2AI score0.00359EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2013/02/24 10:0 p.m.39 views

CVE-2012-5658

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d debug mode is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

6.2AI score0.00359EPSS
Exploits0References2
CVE
CVE
added 2013/02/24 10:0 p.m.74 views

CVE-2013-0164

Affected product: Red Hat OpenShift Origin before 1.1. The CVE-2013-0164 issue resides in the lockwrap function of port-proxy/bin/openshift-port-proxy-cfg, which creates a temporary file in /tmp insecurely. This allows local users to overwrite arbitrary files via a symlink attack on a predictable...

3.6CVSS6.2AI score0.00365EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2013/02/24 9:55 p.m.22 views

Design/Logic Flaw

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...

7.5CVSS8AI score0.02204EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder