Lucene search
K

77 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-6761

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00465EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/03/29 3:36 a.m.5 views

SUSE CVE-2024-7631

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS6.5AI score0.00465EPSS
Exploits0References3
OSV
OSV
added 2025/03/25 7:38 p.m.8 views

GO-2025-3539 OpenShift Console Has a Path Traversal Vulnerability in github.com/openshift/console

OpenShift Console Has a Path Traversal Vulnerability in github.com/openshift/console...

4.3CVSS6.7AI score0.00465EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/19 9:30 p.m.10 views

OpenShift Console Has a Path Traversal Vulnerability

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS6.5AI score0.00465EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/03/19 9:30 p.m.2 views

GHSA-69X5-HJG4-M267 OpenShift Console Has a Path Traversal Vulnerability

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS6.8AI score0.00465EPSS
Exploits0References5
NVD
NVD
added 2025/03/19 7:15 p.m.8 views

CVE-2024-7631

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS0.00465EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/19 6:47 p.m.12 views

CVE-2024-7631 Openshift-console: openshift console: path traversal

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS0.00465EPSS
Exploits0References3
CVE
CVE
added 2025/03/19 6:47 p.m.94 views

CVE-2024-7631

OpenShift Console CVE-2024-7631 describes a path traversal flaw in the locales/resources.json endpoint where lng/ns are used to build a file path in pkg/plugins/handlers unsafely.go, allowing an authenticated user to read arbitrary JSON files on the console pod by using ../ sequences. Connected d...

4.3CVSS4.5AI score0.00465EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/19 6:47 p.m.7 views

CVE-2024-7631 Openshift-console: openshift console: path traversal

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS4.6AI score0.00465EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/19 6:46 p.m.7 views

CVE-2024-7631

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...

4.3CVSS6.9AI score0.00465EPSS
Exploits0References3
Veracode
Veracode
added 2024/12/02 6:22 a.m.3 views

Server Side Request Forgery (SSRF)

github.com/openshift/console is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to the lack of proper checks on the /api/dev-console/proxy/internet endpoint, which allows authenticated users to make arbitrary HTTP requests from the console's pod to services inside the...

5.3CVSS6.6AI score0.00569EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/25 9:30 a.m.18 views

OpenShift Console Server Side Request Forgery vulnerability

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS6.5AI score0.00569EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2024/11/25 7:15 a.m.23 views

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS0.00569EPSS
Exploits0References7
Prion
Prion
added 2024/11/25 7:15 a.m.5 views

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS0.00569EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/25 6:15 a.m.9 views

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS5.1AI score0.00569EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/11/25 6:15 a.m.21 views

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS0.00569EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/11/21 10:20 a.m.16 views

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS6.3AI score0.00569EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.9 views

Red Hat OpenShift Console 代码问题漏洞

Red Hat OpenShift Console is an OpenShift console from Red Hat USA. A code issue vulnerability exists in Red Hat OpenShift Console, which stems from the vulnerability of the component openshift4/ose-console to a server-side request forgery attack, which allows an authenticated user to make the...

5.3CVSS5.8AI score0.00569EPSS
Exploits0References3
OSV
OSV
added 2024/09/15 8:27 p.m.14 views

RHSA-2012:1555 Red Hat Security Advisory: openshift-console security update

Bulletin has no description...

6.8CVSS6.3AI score0.00664EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/08/21 5:45 a.m.14 views

CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8CVSS0.00559EPSS
Exploits0References8
Rows per page
Query Builder