496 matches found
WordPress Pods 2.7.9 Database Disclosure Vulnerability
WordPress Pods plugin version 2.7.9 suffers from a database disclosure vulnerability. Exploit Title : WordPress Pods Plugins 2.7.9 Database Backup Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Vendor Homepage : +...
WordPress Pods 2.7.9 Database Disclosure
Exploit Title : WordPress Pods Plugins 2.7.9 Database Backup Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/11/2018 Vendor Homepage : + wordpress.org/plugins/pods/ pods.io +...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
Critical: Red Hat Security Advisory: OpenShift Container Platform 3.10 security update
An update is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
kubernetes: authentication/authorization bypass in the handling of non-101 responses
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in...
Cross site scripting
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim...
CVE-2018-10937
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim...
[SECURITY] Fedora 27 Update: podman-0.6.4-1.gitd5beb2f.fc27
Manage Pods, Containers and Container Images libpod provides a library for applications looking to use the Container Pod concept popularized by Kubernetes...
CVE-2017-7534
OpenShift Enterprise 3.x contains a stored cross-site scripting (XSS) vulnerability in the pod log viewer. The issue arises from inadequate sanitization of user input, specifically terminal escape characters, which can cause clickable links to be created when viewing pod logs. The vulnerability a...
CVE-2016-3738
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod...
PT-2016-5669 · Red Hat · Red Hat Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that contains ONBUILD commands or does not contain a tar...
origin: pod update allows docker socket access via build-pod
A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...
3: s2i builds implicitly perform docker builds
A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should n...
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
No description provided by source...
CVE-2015-5222
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...
Design/Logic Flaw
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...
PT-2015-6805 · Red Hat · Red Hat Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.0.0.0 Description: The issue allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods. Recommendations: For Red Hat...
OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods
An improper permission check issue was discovered in the server admission control component in OpenShift. A user with build permissions could use this flaw to execute arbitrary shell commands on a build pod with the privileges of the root user...