5 matches found
CVE-2019-0542
CVE-2019-0542 is a remote code execution vulnerability in xterm.js caused by mishandling of special characters. The issue affects xterm.js and is corroborated by multiple connected records (e.g., RHSA advisories and OSV entries) that describe remote code execution. The documented details stop at ...
CVE-2018-1085
CVE-2018-1085 affects OpenShift OpenShift-ansible deployments: OpenShift Ansible before 3.9.23 and 3.7.46 deploys etcd with a misconfigured etcd.conf where ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH values are quoted, causing SSL client certificate authentication to be disabled. This en...
CVE-2019-10165
The CVE describes a vulnerability in OpenShift Container Platform prior to 4.1.3 where OAuth tokens are written in plaintext to API server audit logs. A user with sufficient privileges could recover these tokens from the logs and use them to access other resources. The issue is confirmed by multi...
CVE-2018-10843
CVE-2018-10843 affects OpenShift Container Platform 3.9.x (and earlier in the source-to-image component) where the assembler-user LABEL set to root in builder images can allow privilege escalation, enabling the assemble script to run as root inside a non-privileged container. The connected Red Ha...
CVE-2018-1070
OpenShift OpenShift Routing before v3.10 is vulnerable to improper input validation of Routing configurations, enabling DoS that can take down an entire router shard. Affected: OpenShift Container Platform routing component (pre-3.10). Root cause: input validation flaw in Routing configuration. I...