6716 matches found

Prion
added 2015/08/24 2:59 p.m. · 11 views

Design/Logic Flaw

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...

CVSS 8.5 · AI score 7.7 · EPSS 0.02668
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2015/08/24 2:0 p.m. · 52 views

CVE-2015-5222

CVE-2015-5222 affects Red Hat OpenShift Enterprise 3.0.0.0, where the server admission control fails to enforce permissions, allowing remote authenticated users with build permissions to run arbitrary shell commands as root on arbitrary build pods via unspecified vectors. The issue is described i...

CVSS 8.5 · AI score 7.4 · EPSS 0.02668
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2015/08/24 2:0 p.m. · 27 views

CVE-2015-5222

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...

AI score 7.3 · EPSS 0.02668
Exploits: 0 · References: 1

Positive Technologies
added 2015/08/24 12:0 a.m. · 3 views

PT-2015-6805 · Red Hat · Red Hat Openshift Enterprise

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.0.0.0 Description: The issue allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods. Recommendations: For Red Hat...

CVSS 8.5 · AI score 6.9 · EPSS 0.02668
Exploits: 0 · References: 2

RedHat Linux
added 2015/08/20 7:25 p.m. · 15 views

Important: Red Hat Security Advisory: openshift security update

Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.5 · AI score 6.1 · EPSS 0.02668
Exploits: 0 · References: 2

RedHat Linux
added 2015/08/04 5:12 p.m. · 57 views

Important: Red Hat Security Advisory: node.js security update

Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 4.3 · AI score 6.6 · EPSS 0.99999
Exploits: 6 · References: 2

RedHat Linux
added 2015/08/04 5:12 p.m. · 70 views

Important: Red Hat Security Advisory: node.js security update

Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 4.3 · AI score 6.6 · EPSS 0.99999
Exploits: 6 · References: 2

RedHat Linux
added 2014/11/25 6:19 p.m. · 3 views

OpenShift: /proc/net/tcp information disclosure

It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further...

CVSS 2.1 · AI score 5.7 · EPSS 0.00375
Exploits: 0 · References: 4

RedHat Linux
added 2014/11/25 6:19 p.m. · 27 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update

Red Hat OpenShift Enterprise release 2.1.9, which fixes two security issues, several bugs, and add one enhancement, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

CVSS 7.5 · AI score 5.7 · EPSS 0.02002
Exploits: 0 · References: 10

RedHat Linux
added 2014/11/25 6:19 p.m. · 1 views

Enterprise: gears fail to properly isolate network traffic

It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear...

CVSS 7.5 · AI score 5.7 · EPSS 0.02002
Exploits: 0 · References: 4

RedHat Linux
added 2014/11/25 12:0 a.m. · 16 views

(RHSA-2014:1905) Low: Red Hat OpenShift Enterprise 1.2 - Final Retirement Notice

In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the two-year life cycle of Production Support for version 1.2 will end on November 27, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage...

AI score 0.4
Exploits: 0

NVD
added 2014/11/16 11:59 a.m. · 27 views

CVE-2014-0233

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...

CVSS 6.5 · AI score 7.2 · EPSS 0.0172
Exploits: 1 · References: 3

Prion
added 2014/11/16 11:59 a.m. · 23 views

Design/Logic Flaw

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...

CVSS 6.5 · AI score 7.7 · EPSS 0.0172
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2014/11/16 11:0 a.m. · 68 views

CVE-2014-0233

The CVE-2014-0233 issue affects Red Hat OpenShift Enterprise 2.0/2.1 and OpenShift Origin, where remote authenticated users can run arbitrary commands via shell metacharacters in a directory name referenced by a cartridge using the file: URI scheme. Root cause: improper handling of directory name...

CVSS 6.5 · AI score 7.3 · EPSS 0.0172
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2014/11/16 11:0 a.m. · 40 views

CVE-2014-0233

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme...

AI score 7.2 · EPSS 0.0172
Exploits: 1 · References: 3

Positive Technologies
added 2014/11/16 12:0 a.m. · 4 views

PT-2014-3550 · Red Hat · Openshift Origin +1

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise versions 2.0 through 2.1 OpenShift Origin affected versions not specified Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is...

CVSS 6.5 · AI score 6.8 · EPSS 0.0172
Exploits: 1 · References: 4

NVD
added 2014/11/13 9:32 p.m. · 38 views

CVE-2014-3674

Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors...

CVSS 7.5 · AI score 6.7 · EPSS 0.02002
Exploits: 0 · References: 2

Prion
added 2014/11/13 9:32 p.m. · 20 views

Code injection

Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors...

CVSS 7.5 · AI score 7.3 · EPSS 0.02002
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2014/11/13 9:32 p.m. · 22 views

Information disclosure

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp...

CVSS 2.1 · AI score 6.5 · EPSS 0.00375
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2014/11/13 9:32 p.m. · 25 views

CVE-2014-3602

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp...

CVSS 2.1 · AI score 6.1 · EPSS 0.00375
Exploits: 0 · References: 2