11 matches found
RHEL 7 : atomic-openshift (RHSA-2016:1427)
An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 7 : jenkins (RHSA-2016:1206)
An updated Jenkins package and image that includes security fixes are now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1853 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud...
CVE-2016-5392
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...
CVE-2016-5392
The CVE-2016-5392 vulnerability affects Red Hat OpenShift Enterprise 3.2 deployments where the Kubernetes API server’s watch cache allows a remote, authenticated user who knows other project names to disclose sensitive project and user information. The root cause is an input validation error in t...
CVE-2016-3738
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod...
Code injection
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace...
CVE-2016-2160
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image...
PT-2016-5669 · Red Hat · Red Hat Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that contains ONBUILD commands or does not contain a tar...
PT-2016-5687 · Red Hat +1 · Red Hat Openshift Enterprise +1
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue is related to improper access restriction to STI builds, allowing remote authenticated users to access the Docker socket and gain privileges. This is achieved through vectors...
PT-2016-5029 · Red Hat · Red Hat Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue allows remote authenticated users to read log files from another namespace. This can be achieved by creating a new namespace with the same name as a previously deleted namespace...