6802 matches found
Design/Logic Flaw
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...
CVE-2012-5646
CVE-2012-5646 affects Red Hat OpenShift Origin, specifically node-util/restorer.php (path: restorer.php) in the OpenShift Origin package, prior to version 1.0.5-3. A crafted uuid in the PATH_INFO enables remote attackers to execute arbitrary commands with the privileges of the application. The is...
CVE-2012-5647
CVE-2012-5647 is an open redirect flaw in OpenShift Origin’s restorer.php (node-util), present before version 1.0.5-3. A remote attacker could craft a link to cause PATH_INFO parsing to redirect victims to an arbitrary site, enabling phishing. The issue is documented alongside CVE-2012-5646, with...
CVE-2012-5647
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATHINFO...
CVE-2012-5646
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...
PT-2013-2142 · Red Hat · Red Hat Openshift Origin
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Origin versions prior to 1.1 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. This is due to a problem in the lockwrap function ...
PT-2013-1820 · Red Hat · Red Hat Openshift Origin
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Origin versions prior to 1.0.5-3 Description: The issue allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH INFO. Recommendations: For versions prior to 1.0.5-3, update to version 1.0.5-3 or...
openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1 update
Red Hat OpenShift Enterprise 1.1 is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in t...
Origin: rhc-chk.rb password exposure in log files
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d debug mode is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...
Critical: Red Hat Security Advisory: rubygem-activesupport security update
An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Critical: Red Hat Security Advisory: Ruby on Rails security update
Updated rubygem-actionpack, rubygem-activesupport, ruby193-rubygem-actionpack, and ruby193-rubygem-activesupport packages that fix multiple security issues are now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security...
Moderate: Red Hat Security Advisory: openshift-origin-node-util security update
An updated openshift-origin-node-util package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...
openshift-origin-node-util: restorer.php preg_match shell code injection
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...
openshift-origin-node-util: restorer.php arbitrary URL redirection
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATHINFO...
CVE-2012-5622
Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...
CVE-2012-5622
Cross-site request forgery CSRF vulnerability in the management console openshift-console/app/controllers/applicationcontroller.rb in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors...
CVE-2012-5622
OpenShift CSRF in the management console (openshift-console/app/controllers/application_controller.rb) of OpenShift 0.0.5 allows an attacker to hijack user sessions. The issue is confirmed across multiple sources (RHSA-2012:1555, Veracode summary, CVE-2012-5622). Root cause: improper CSRF protect...
Important: Red Hat Security Advisory: openshift-console security update
An updated openshift-console package that fixes one security issue is now available for OpenShift Enterprise. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...