OpenShift Security Vulnerabilities

CVE-2021-4294

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It....

5.9 CVSS, 5.7 AI Score, 0.001 EPSS

2022-12-28 05:15 PM

CVE-2019-19348

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their...

7 CVSS, 6.8 AI Score, 0.0004 EPSS

2020-04-02 08:15 PM

CVE-2019-19346

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their...

7 CVSS, 6.8 AI Score, 0.0004 EPSS

2020-04-02 08:15 PM

CVE-2013-0196

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web...

6.5 CVSS, 6.3 AI Score, 0.001 EPSS

2019-12-30 10:15 PM

CVE-2013-0165

cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in...

7.3 CVSS, 7.2 AI Score, 0.001 EPSS

2019-11-01 07:15 PM

CVE-2014-0084

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and...

5.5 CVSS, 5.4 AI Score, 0.0004 EPSS

2019-11-21 03:15 PM

CVE-2015-3207

In OpenShift Origin 3, the cookies being set in the console have no 'secure', 'HttpOnly'...

5.3 CVSS, 5.2 AI Score, 0.001 EPSS

2022-07-07 01:15 PM

CVE-2020-10752

A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into.....

7.5 CVSS, 7.1 AI Score, 0.001 EPSS

2020-06-12 11:15 PM
In Wild

CVE-2014-0163

OpenShift has shell command injection flaws due to unsanitized data being passed into shell...

8.8 CVSS, 8.9 AI Score, 0.001 EPSS

2019-12-11 04:15 PM

CVE-2013-2095

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command...

9.8 CVSS, 9.7 AI Score, 0.004 EPSS

2019-12-10 02:15 PM

CVE-2013-0163

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate...

5.5 CVSS, 5.5 AI Score, 0.0004 EPSS

2019-12-05 03:15 PM

CVE-2013-2103

OpenShift cartridge allows remote URL...

8.1 CVSS, 8.1 AI Score, 0.001 EPSS

2019-12-03 02:15 PM

CVE-2014-0023

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code...

7.8 CVSS, 7.9 AI Score, 0.0004 EPSS

2019-11-15 03:15 PM

CVE-2014-3592

OpenShift Origin: Improperly validated team names could allow stored XSS...

6.1 CVSS, 5.9 AI Score, 0.001 EPSS

2019-11-13 04:15 PM

CVE-2018-1103

OpenShift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the...

6.5 CVSS, 6.3 AI Score, 0.001 EPSS

2018-06-12 03:29 PM

CVE-2015-8945

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd...

5.1 CVSS, 4.9 AI Score, 0.001 EPSS

2016-08-05 03:59 PM