9 matches found
EUVD-2012-5530
Malware in sbrugna...
Information Disclosure
rhc-chk.rb in Red Hat OpenShift Origin is vulnerable to information disclosure. When -d debug mode is used, the output of the process contains confidential information such as the plaintext database passwords. This leads to unintentional disclosure of confidential information in support channels such as a...
Red Hat OpenShift Origin Information Disclosure Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service (PaaS) product from Red Hat, Inc. An information disclosure vulnerability exists in Red Hat OpenShift Origin, which can be exploited by attackers to obtain sensitive information...
Red Hat OpenShift Origin API Server Denial of Service Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service (PaaS) product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service (crash) of the master process with specially craft...
CVE-2012-5658
OpenShift Origin before 1.1 is vulnerable: when running rhc-chk.rb with -d (debug mode), it writes passwords and other sensitive information in cleartext (e.g., in logs or support channels). The root cause is that the rhc-chk output is not redacted in debug mode. Red Hat’s RHSA-2013-0220 confirms...
CVE-2013-0164
Affected product: Red Hat OpenShift Origin before 1.1. The CVE-2013-0164 issue resides in the lockwrap function of port-proxy/bin/openshift-port-proxy-cfg, which creates a temporary file in /tmp insecurely. This allows local users to overwrite arbitrary files via a symlink attack on a predictable...
Design/Logic Flaw
node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...
CVE-2012-5647
CVE-2012-5647 is an open redirect flaw in OpenShift Origin’s restorer.php (node-util), present before version 1.0.5-3. A remote attacker could craft a link to cause PATH_INFO parsing to redirect victims to an arbitrary site, enabling phishing. The issue is documented alongside CVE-2012-5646, with...
CVE-2012-5646
CVE-2012-5646 affects Red Hat OpenShift Origin, specifically node-util/restorer.php (path: restorer.php) in the OpenShift Origin package, prior to version 1.0.5-3. A crafted uuid in the PATH_INFO enables remote attackers to execute arbitrary commands with the privileges of the application. The is...