Lucene search
K

6802 matches found

Prion
Prion
added 2013/02/24 9:55 p.m.21 views

Design/Logic Flaw

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...

7.5CVSS8AI score0.02204EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2013/02/24 9:0 p.m.72 views

CVE-2012-5646

CVE-2012-5646 affects Red Hat OpenShift Origin, specifically node-util/restorer.php (path: restorer.php) in the OpenShift Origin package, prior to version 1.0.5-3. A crafted uuid in the PATH_INFO enables remote attackers to execute arbitrary commands with the privileges of the application. The is...

7.5CVSS7.6AI score0.02204EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2013/02/24 9:0 p.m.56 views

CVE-2012-5647

CVE-2012-5647 is an open redirect flaw in OpenShift Origin’s restorer.php (node-util), present before version 1.0.5-3. A remote attacker could craft a link to cause PATH_INFO parsing to redirect victims to an arbitrary site, enabling phishing. The issue is documented alongside CVE-2012-5646, with...

5.8CVSS6.8AI score0.01471EPSS
Exploits1References6Affected Software2
Cvelist
Cvelist
added 2013/02/24 9:0 p.m.32 views

CVE-2012-5647

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATHINFO...

6.6AI score0.01471EPSS
Exploits1References6
Cvelist
Cvelist
added 2013/02/24 9:0 p.m.30 views

CVE-2012-5646

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...

7.4AI score0.02204EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2013/02/24 12:0 a.m.5 views

PT-2013-2142 · Red Hat · Red Hat Openshift Origin

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Origin versions prior to 1.1 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. This is due to a problem in the lockwrap function ...

3.6CVSS6AI score0.00365EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2013/02/24 12:0 a.m.6 views

PT-2013-1820 · Red Hat · Red Hat Openshift Origin

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Origin versions prior to 1.0.5-3 Description: The issue allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH INFO. Recommendations: For versions prior to 1.0.5-3, update to version 1.0.5-3 or...

7.5CVSS7.3AI score0.02204EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2013/01/31 7:41 p.m.3 views

openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

3.6CVSS5.8AI score0.00365EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/31 7:41 p.m.55 views

Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1 update

Red Hat OpenShift Enterprise 1.1 is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in t...

7.5CVSS7.3AI score0.04458EPSS
Exploits2References44
RedHat Linux
RedHat Linux
added 2013/01/31 7:41 p.m.3 views

Origin: rhc-chk.rb password exposure in log files

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d debug mode is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

2.1CVSS5.8AI score0.00359EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/28 11:10 p.m.50 views

Critical: Red Hat Security Advisory: rubygem-activesupport security update

An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS7.5AI score0.98582EPSS
Exploits7References2
RedHat Linux
RedHat Linux
added 2013/01/10 8:36 p.m.61 views

Critical: Red Hat Security Advisory: Ruby on Rails security update

Updated rubygem-actionpack, rubygem-activesupport, ruby193-rubygem-actionpack, and ruby193-rubygem-activesupport packages that fix multiple security issues are now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security...

7.5CVSS8.2AI score0.99449EPSS
Exploits21References3
RedHat Linux
RedHat Linux
added 2013/01/08 8:44 p.m.29 views

Moderate: Red Hat Security Advisory: openshift-origin-node-util security update

An updated openshift-origin-node-util package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...

7.5CVSS6.4AI score0.02204EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2013/01/08 8:44 p.m.8 views

openshift-origin-node-util: restorer.php preg_match shell code injection

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...

7.5CVSS6.2AI score0.02204EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/08 8:44 p.m.6 views

openshift-origin-node-util: restorer.php arbitrary URL redirection

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATHINFO...

5.8CVSS6AI score0.01471EPSS
Exploits1References4
NVD
NVD
added 2012/12/18 1:55 a.m.20 views

CVE-2012-5622

Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...

6.8CVSS7.1AI score0.00664EPSS
Exploits0References5
Prion
Prion
added 2012/12/18 1:55 a.m.20 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...

6.8CVSS7.7AI score0.00664EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2012/12/18 1:0 a.m.30 views

CVE-2012-5622

Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...

7.1AI score0.00664EPSS
Exploits0References5
CVE
CVE
added 2012/12/18 1:0 a.m.66 views

CVE-2012-5622

OpenShift CSRF in the management console (openshift-console/app/controllers/application_controller.rb) of OpenShift 0.0.5 allows an attacker to hijack user sessions. The issue is confirmed across multiple sources (RHSA-2012:1555, Veracode summary, CVE-2012-5622). Root cause: improper CSRF protect...

6.8CVSS7.3AI score0.00664EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2012/12/10 8:52 p.m.31 views

Important: Red Hat Security Advisory: openshift-console security update

An updated openshift-console package that fixes one security issue is now available for OpenShift Enterprise. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

6.8CVSS6.3AI score0.00664EPSS
Exploits0References2
Rows per page
Query Builder