CVE-2016-7075

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate...

PT-2018-4981 · Linux Foundation +1 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Openshift Enterprise 3 Description: A flaw was found in the validation of X.509 client intermediate certificate host name fields in Kubernetes as used by Openshift Enterprise. This could allow an attacker to bypass authentication requirements...

Red Hat OpenShift Container Platform Denial of Service Vulnerability

Red Hat OpenShift Container Platform is an application platform from Red Hat that enables organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A denial of service vulnerability exists in Red Hat OpenShift...

Red Hat OpenShift Detection (HTTP)

HTTP based detection of Red Hat OpenShift. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.141450...

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

Cross site scripting

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

UBUNTU-CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

CVE-2018-14632

OpenShift Container Platform before 3.7 is vulnerable to an out-of-bounds write when patching an object via oc patch, which could cause a denial of service to the master API service. Root cause: JSON Patch out-of-bounds write. Remediation/fix version is not specified in the provided documents; mo...

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

PT-2018-12628 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions prior to 3.7 Description: The issue is related to an out-of-bounds write that can occur when patching an OpenShift object using the oc patch functionality. This can be exploited to cause a denial of servi...

Red Hat Openshift Container Platform Cross-Site Scripting Vulnerability

Red Hat OpenShift Container Platform is a Red Hat application platform that enables organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. nodejs is a web application platform built on top of Google's V8...

Red Hat OpenShift Enterprise cluster-reader information disclosure vulnerability

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. cluster-reader is a cluster-reader component. A security vulnerability exists in th...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 8.11.4 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update

An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVE-2017-15138

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens...

Code injection

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens...

CVE-2017-15138

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens...