OpenShift Enterprise Security Vulnerabilities

CVE-2019-19348

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their...

7 CVSS

6.8 AI Score

0.0004 EPSS

2020-04-02 08:15 PM

CVE-2019-19346

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their...

7 CVSS

6.8 AI Score

0.0004 EPSS

2020-04-02 08:15 PM

CVE-2013-0196

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2019-12-30 10:15 PM

CVE-2014-0163

OpenShift has shell command injection flaws due to unsanitized data being passed into shell...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2019-12-11 04:15 PM

CVE-2013-0163

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2019-12-05 03:15 PM

CVE-2013-2103

OpenShift cartridge allows remote URL...

8.1 CVSS

8.1 AI Score

0.001 EPSS

2019-12-03 02:15 PM

CVE-2018-1103

OpenShift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2018-06-12 03:29 PM