6752 matches found

Veracode
added 2017/04/27 7:24 a.m., 18 views

Root Command Execution

github.com/openshift/origin is vulnerable to root command execution. Remotely authenticated users can change the root password in a sti builder image which allows them to execute commands with root privileges...

CVSS: 9, AI score: 8.9, EPSS: 0.04027
Exploits: 0, References: 2, Affected Software: 110

Veracode
added 2017/04/27 7:13 a.m., 500 views

Information Disclosure

github.com/openshift/origin is vulnerable to information disclosure. When a pod is used with the --credentials option, a local attacker can get private key information by reading the systemd journal. This is because when the --credential option is enabled, the router credentials are store...

CVSS: 5.1, AI score: 4.9, EPSS: 0.00369
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2017/04/27 6:38 a.m., 49 views

Blockwise Chosen-boundary Attacks

github.com/openshift/origin is vulnerable to blockwise chosen-boundary attacks aka the "BEAST" attack. It encrypts data by using CBC mode with chained initialization vectors which allows attackers to obtain plaintext HTTP headers through blockwise chosen-boundary attacks on HTTPS sessions. This...

AI score: 6.9, EPSS: 0.73327
Exploits: 4

CNVD
added 2017/04/25 12:0 a.m., 3 views

Red Hat OpenShift Enterprise Information Disclosure Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. An information disclosure vulnerability exists in Red Hat OpenShift Enterprise...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01309
Exploits: 0, References: 1

Prion
added 2017/04/20 5:59 p.m., 12 views

Design/Logic Flaw

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

CVSS: 5, AI score: 6.6, EPSS: 0.01309
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2017/04/20 5:59 p.m., 3 views

CVE-2016-5409

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01309
Exploits: 0, References: 2

NVD
added 2017/04/20 5:59 p.m., 18 views

CVE-2016-5409

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01309
Exploits: 0, References: 2

CVE
added 2017/04/20 5:0 p.m., 44 views

CVE-2016-5409

Red Hat OpenShift Enterprise 2 is affected: the GEARID cookie’s Set-Cookie header does not set the HttpOnly flag, which could allow remote attackers to access potentially sensitive information via script. Root cause: missing HttpOnly on the GEARID cookie. Impact: disclosed information with partia...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01309
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/04/20 5:0 p.m., 23 views

CVE-2016-5409

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

AI score: 7.4, EPSS: 0.01309
Exploits: 0, References: 2

RedHat Linux
added 2017/03/06 4:36 p.m., 38 views

Important: Red Hat Security Advisory: ansible and openshift-ansible security and bug fix update

An update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 3.2, Red Hat OpenShift Container Platform 3.3, and Red Hat OpenShift Container Platform 3.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

CVSS: 9.3, AI score: 7.3, EPSS: 0.17865
Exploits: 5, References: 27

RedHat Linux
added 2017/01/11 4:30 p.m., 47 views

Moderate: Red Hat Security Advisory: Red Hat Mobile Application Platform 4.2.1 Security Update - SDKs and RPMs

Updated packages that provide Red Hat Mobile Application Platform 4.2.1, fix several bugs, and add various enhancements are now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syste...

CVSS: 9.8, AI score: 7.8, EPSS: 0.23173
Exploits: 3, References: 5

CNVD
added 2016/12/22 12:0 a.m., 2 views

Red Hat OpenShift Enterprise Remote Denial of Service Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. A remote denial of service vulnerability exists in Red Hat OpenShift Enterprise...

CVSS: 4.3, AI score: 6.8, EPSS: 0.01308
Exploits: 0, References: 1

CNVD
added 2016/12/16 12:0 a.m., 2 views

Red Hat OpenShift Enterprise Information Disclosure Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. An information disclosure vulnerability exists in Red Hat OpenShift Enterprise. It...

CVSS: 3.5, AI score: 6.2, EPSS: 0.01351
Exploits: 0, References: 1

RedHat Linux
added 2016/12/07 8:58 p.m., 2 views

3: Pulling of any image is possible with its manifest

An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image...

CVSS: 3.5, AI score: 5.8, EPSS: 0.01351
Exploits: 0, References: 4

RedHat Linux
added 2016/12/07 8:58 p.m., 35 views

Important: Red Hat Security Advisory: atomic-openshift security and bug fix update

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.1, 3.2, and 3.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 3.5, AI score: 5.7, EPSS: 0.01351
Exploits: 0, References: 7

RedhatCVE
added 2016/12/07 5:47 p.m., 28 views

CVE-2016-8651

An input validation flaw was found in the way OpenShift handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image...

CVSS: 3.5, AI score: 0.5, EPSS: 0.01351
Exploits: 0, References: 1

RedHat Linux
added 2016/11/15 7:8 p.m., 59 views

Moderate: Red Hat Security Advisory: atomic-openshift-utils security and bug fix update

An update for openshift-ansible and ansible is now available for OpenShift Container Platform 3.2 and 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 9.1, AI score: 7.4, EPSS: 0.03253
Exploits: 0, References: 14

RedHat Linux
added 2016/11/15 6:29 p.m., 3 views

3: Router sometimes selects new routes over old routes when determining claimed hostnames

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site...

CVSS: 7.7, AI score: 5.8, EPSS: 0.01091
Exploits: 0, References: 4

RedHat Linux
added 2016/11/15 6:29 p.m., 40 views

Moderate: Red Hat Security Advisory: atomic-openshift security and bug fix update

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS: 7.7, AI score: 6.8, EPSS: 0.01091
Exploits: 0, References: 2

CNVD
added 2016/11/10 12:0 a.m., 4 views

Red Hat OpenShift Enterprise Security Bypass Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. A security vulnerability exists in Red Hat OpenShift Enterprise that stems from the...

CVSS: 8.1, AI score: 7, EPSS: 0.01574
Exploits: 1, References: 1