Origin: rhc-chk.rb password exposure in log files

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d debug mode is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1 update

Red Hat OpenShift Enterprise 1.1 is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in t...

Critical: Red Hat Security Advisory: rubygem-activesupport security update

An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Critical: Red Hat Security Advisory: Ruby on Rails security update

Updated rubygem-actionpack, rubygem-activesupport, ruby193-rubygem-actionpack, and ruby193-rubygem-activesupport packages that fix multiple security issues are now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security...

openshift-origin-node-util: restorer.php preg_match shell code injection

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...

Moderate: Red Hat Security Advisory: openshift-origin-node-util security update

An updated openshift-origin-node-util package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...

openshift-origin-node-util: restorer.php arbitrary URL redirection

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATHINFO...

CVE-2012-5622

Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...

CVE-2012-5622

Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...

CVE-2012-5622

OpenShift CSRF in the management console (openshift-console/app/controllers/application_controller.rb) of OpenShift 0.0.5 allows an attacker to hijack user sessions. The issue is confirmed across multiple sources (RHSA-2012:1555, Veracode summary, CVE-2012-5622). Root cause: improper CSRF protect...

openshift-console: CSRF attack

Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...

Important: Red Hat Security Advisory: openshift-console security update

An updated openshift-console package that fixes one security issue is now available for OpenShift Enterprise. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

Scientific Linux Security Update : selinux-policy enhancement update on SL5.x, SL6.x i386/x86_64 (20121119)

This update adds the following enhancements : - An SELinux policy for openshift packages has been added This update has been placed in the security tree to avoid selinux related problems. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...