108 matches found
Insecure Defaults
openshift-origin-broker is vulnerable to insecure defaults. The vulnerability exists as it was discovered that openshift-origin-broker configured several default user names and passwords for services if no user name or password was specified during installation. A remote attacker could use these...
Arbitrary Code Execution
rubygem-openshift-origin-node is vulnerable to arbitrary code execution attacks. The vulnerability exists as Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced...
Authentication Bypass
openshift-origin-broker is vulnerable to authentication bypass attacks. The vulnerability exists as the openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attacker...
Information Disclosure
rhc-chk.rb in Red Hat OpenShift Origin is vulnerable to information disclosure. When -d debug mode is used, the output of the process contains confidential information such as the plaintext database passwords. This leads to unintentional disclosure of confidential in support channels such as a...
Remote Code Execution (RCE)
rubygem-openshift-origin-node is vulnerable to remote code execution. A remote authenticated user is permitted to install cartridges via the web interface, which would allow a remote attacker to abuse the application behavior to execute arbitrary code on the system with root privileges...
[SECURITY] Fedora 29 Update: origin-3.11.1-1.fc29
OpenShift Origin is a distribution of Kubernetes optimized for enterprise a pplication development and deployment. OpenShift Origin adds developer and operational centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle...
RHEL 6 : openshift-origin-node-util (RHSA-2013:0148)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0148 advisory. The openshift-origin-node-util package provides a set of utility scripts for a node. Red Hat OpenShift Enterprise is a cloud computing...
RHEL 6 : openshift-origin-broker (RHSA-2014:0422)
Updated openshift-origin-broker and rubygem-openshift-origin-auth-remote-user packages that fix one security issue are now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring...
RHEL 6 : openshift-origin-broker-util (RHSA-2014:0461)
An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
RHEL 6 : rubygem-openshift-origin-node (RHSA-2014:0762)
An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.8. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
RHEL 6 : rubygem-openshift-origin-node (RHSA-2014:0763)
An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.6. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
RHEL 6 : openshift-origin-broker-util (RHSA-2014:0460)
An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
RHEL 6 : rubygem-openshift-origin-console (RHSA-2015:1808)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1808 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud...
[SECURITY] Fedora 28 Update: origin-3.9.0-1.fc28
OpenShift Origin is a distribution of Kubernetes optimized for application development and deployment. OpenShift Origin adds developer and operational centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for...
Design/Logic Flaw
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal...
CVE-2015-8945
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal...
Red Hat OpenShift Origin Information Disclosure Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. An information disclosure vulnerability exists in Red Hat OpenShift Origin, which can be exploited by attackers to obtain sensitive information...
CVE-2016-2160
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image...
PT-2016-5671 · Red Hat +1 · Openshift Origin +2
Name of the Vulnerable Software and Affected Versions: HAproxy in Red Hat OpenShift Enterprise version 3.2 HAproxy in OpenShift Origin version 3.2 Description: The issue allows local users to obtain the internal IP address of a pod by reading the OPENSHIFT namespace SERVERID cookie...
CVE-2015-5274
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker...