38 matches found
EUVD-2024-45178
Malicious code in bioql PyPI...
EUVD-2022-4032
Malicious code in bioql PyPI...
EUVD-2021-7677
Malicious code in bioql PyPI...
EUVD-2024-3382
Malicious code in bioql PyPI...
K000151459: OpenShift vulnerability CVE-2023-2253
Security Advisory Description A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the...
Red Hat OpenShift 安全漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat USA that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift. An attacker can exploit the vulnerability to cause a denial of service by modifyin...
Red Hat OpenShift 访问控制错误漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat USA that supports building, testing, deploying and running applications. An access control error vulnerability exists in Red Hat OpenShift. An attacker exploiting this vulnerability could gain cluster...
PT-2024-31663
Name of the Vulnerable Software and Affected Versions: OpenShift versions 4 JBoss Fuse version 7 Description: A flaw was found in the build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build po...
OpenShift Must Gather Operator Improper Input Validation vulnerability
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource CRD of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...
The vulnerability of the /v2/_catalog component of the Red Hat OpenShift Container Platform allows a attacker to trigger a service failure.
The vulnerability of the /v2/catalog component of the Red Hat OpenShift Container Platform relates to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
CVE-2017-7517
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access...
Red Hat OpenShift 输入验证错误漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat that enables building, testing, deploying and running applications. An input validation error vulnerability exists in Redhat Openshift Enterprise, which arises when a user creates a project named "MyProject" a...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been found in OpenShift Container Platform. The private key for an external cluster certificate is stored in an insecure manner in the oauth-serving-cert ConfigMaps and therefore available to any OpenShift user or service account. A malicious can obtain this private key and...
Red Hat OpenShift Container Platform Log Information Disclosure Vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat that enable organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A log information disclosure vulnerability exists in Red H...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
atomic-openshift: oc patch with json causes masterapi service crash
An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management...
The vulnerability of the software for managing clusters of virtual machines in Kubernetes and the cloud platform OpenShift allows a hacker to read arbitrary logs.
The vulnerability of the Kubernetes cluster management software and the cloud platform OpenShift is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to read arbitrary logs using the container name, while operating remotely...
OpenShift: downloadable cartridge source url file command execution as root
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...