6716 matches found
Important: Red Hat Security Advisory: rubygem-openshift-origin-node security update
An updated rubygem-openshift-origin-node package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Important: Red Hat Bug Fix Advisory: Red Hat OpenShift Enterprise 2.1 Release Advisory
Red Hat OpenShift Enterprise release 2.1, which fixes several bugs and includes various enhancements, is now available. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The OpenShift Enterpri...
openshift-origin-broker: default password creation
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this m...
rubygem-openshift-origin-node: cron.daily/cron.weekly denial of service
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...
CVE-2014-0164
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
DEBIAN-CVE-2014-0164
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
CVE-2014-0164
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
CVE-2014-0164
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
Design/Logic Flaw
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
CVE-2014-0164
The CVE affects openshift-origin-broker-util used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, where the mcollective client.cfg file is world-readable, allowing local users to read credentials and other sensitive information. The underlying issue is improper file permissions on the configurat...
CVE-2014-0164
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
CVE-2014-0164
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
PT-2014-3509 · Red Hat · Red Hat Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise versions 1.2.7 through 2.0.5 Description: The issue allows local users to obtain credentials and other sensitive information by reading a configuration file due to world-readable permissions. This affects the...
mcollective: world readable client config
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
Important: Red Hat Security Advisory: openshift-origin-broker-util security update
An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Important: Red Hat Security Advisory: openshift-origin-broker-util security update
An updated openshift-origin-broker-util package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
mcollective: world readable client config
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file...
CVE-2014-0188
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...
Authentication flaw
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...
CVE-2014-0188
CVE-2014-0188 affects Red Hat OpenShift Enterprise (openshift-origin-broker) up to version 2.0.5 and 1.2.7, where authentication requests from the remote-user auth plug-in can be bypassed via the X-Remote-User header in a passthrough trigger. The issue enables remote attackers to impersonate arbi...