Lucene search
K

4 matches found

OSV
OSV
added 2020/04/24 7:15 p.m.32 views

CVE-2020-1741

A flaw was found in openshift-ansible. OpenShift Container Platform OCP 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perfo...

5.9CVSS6.4AI score0.00854EPSS
Exploits0References1
CVE
CVE
added 2020/04/24 6:34 p.m.138 views

CVE-2020-1741

CVE-2020-1741 affects OpenShift Container Platform 3.11 via openshift-ansible, where CORS allowed origins are configured too permissively during installation. This enables a MITM between a user’s browser and the OpenShift console to facilitate phishing, with confidentiality as the main risk. Publ...

5.9CVSS5.4AI score0.00854EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2019/04/23 9:50 p.m.36 views

CVE-2019-11324

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...

7.5CVSS8.5AI score0.02813EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2018/03/08 4:49 a.m.32 views

CVE-2018-1069

GlusterFS and NFS network filesystems rely on File System User ID and Group ID information in order to restrict access to file shares. However, it's possible to overwrite the Openshift restrictions on container UserId and GroupdId as they are not validated before being sent over the Openshift...

7.1CVSS0.2AI score0.0061EPSS
Exploits0References1
Rows per page
Query Builder