RHCOS 3 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1095)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1095 advisory. - 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain CVE-2016-3703 Note that Nessus has not...

RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1094)

"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1094 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private clo...

CVE-2016-3703

Summary: CVE-2016-3703 affects Red Hat OpenShift Enterprise 3.1 and 3.2. The issue arises from improper origin validation when anonymous access is allowed to a service/proxy or pod/proxy API for a specific pod, permitting an attacker to retrieve API credentials stored in a browser’s localStorage ...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.1 security update

An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.1. In addition, all images have been rebuilt on the new RHEL 7.2.4 base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base...