CVE-2020-1741
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specifies CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the OpenShift console, could use this flaw to perfo...
CVE-2020-1741
CVE-2020-1741 affects OpenShift Container Platform 3.11 via openshift-ansible, where CORS allowed origins are configured too permissively during installation. This enables a MITM between a user’s browser and the OpenShift console to facilitate phishing, with confidentiality as the main risk. Publ...
CVE-2019-11324
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...
CVE-2018-1069
GlusterFS and NFS network filesystems rely on File System User ID and Group ID information in order to restrict access to file shares. However, it's possible to overwrite the OpenShift restrictions on container UserId and GroupId as they are not validated before being sent over the OpenShift...