CVE-2018-10937

CVE-2018-10937 describes a cross-site scripting flaw in the tetonic-console component of OpenShift Container Platform 3.11. An attacker who can create pods can leverage this flaw to act on the Kubernetes API as the victim, implying potential privilege abuse within the cluster. The description doe...

CVE-2018-10937

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim...

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

CVE-2018-14632

OpenShift Container Platform before 3.7 is vulnerable to an out-of-bounds write when patching an object via oc patch, which could cause a denial of service to the master API service. Root cause: JSON Patch out-of-bounds write. Remediation/fix version is not specified in the provided documents; mo...

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

PT-2018-12628 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions prior to 3.7 Description: The issue is related to an out-of-bounds write that can occur when patching an OpenShift object using the oc patch functionality. This can be exploited to cause a denial of servi...

CVE-2018-10843

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network...

CVE-2018-10843

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network...

CVE-2018-10843

CVE-2018-10843 affects OpenShift Container Platform 3.9.x (and earlier in the source-to-image component) where the assembler-user LABEL set to root in builder images can allow privilege escalation, enabling the assemble script to run as root inside a non-privileged container. The connected Red Ha...

Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.9 bug fix and enhancement update

Red Hat OpenShift Container Platform release 3.9.30 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud...

CVE-2018-10843

A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which a...

Critical: Red Hat Security Advisory: OpenShift Container Platform 3.2 security update

An update is now available for Red Hat OpenShift Container Platform 3.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: Red Hat OpenShift Container Platform security update

An update is now available for Red Hat OpenShift Container Platform 3.7, 3.6, 3.5, 3.4, and 3.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.6.1 bug fix and enhancement update

Red Hat OpenShift Container Platform releases 3.6.1 are now available with updates to packages and images that fix several bugs and add various enhancements. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or privat...

Important: Red Hat Security Advisory: ansible and openshift-ansible security and bug fix update

An update for ansible and openshift-ansible is now available for Red Hat OpenShift Container Platform 3.2, Red Hat OpenShift Container Platform 3.3, and Red Hat OpenShift Container Platform 3.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common...