Openshift Origin Security Vulnerabilities and Issues — Openshift Origin CVE List

Lucene search

RedhatOpenshift Origin

10 matches found

CVE•added 2013/02/24 10:55 p.m.•63 views

CVE-2012-5658

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

2.1CVSS6.2AI score0.00063EPSS

CVE•added 2016/06/08 5:59 p.m.•61 views

CVE-2016-2160

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

9CVSS8.8AI score0.00614EPSS

CVE•added 2014/06/20 2:55 p.m.•60 views

CVE-2014-3496

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.

10CVSS7.6AI score0.05735EPSS

CVE•added 2013/02/24 9:55 p.m.•59 views

CVE-2012-5646

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

7.5CVSS7.6AI score0.00934EPSS

CVE•added 2013/02/24 10:55 p.m.•57 views

CVE-2013-0164

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

3.6CVSS6.2AI score0.00056EPSS

CVE•added 2016/06/08 5:59 p.m.•50 views

CVE-2016-3711

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

3.3CVSS4.8AI score0.00119EPSS

CVE•added 2019/11/21 3:15 p.m.•48 views

CVE-2014-0084

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.

5.5CVSS5.4AI score0.00131EPSS

CVE•added 2013/02/24 9:55 p.m.•43 views

CVE-2012-5647

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.

5.8CVSS6.8AI score0.00475EPSS

CVE•added 2015/09/08 3:59 p.m.•39 views

CVE-2015-5250

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.

4CVSS6.5AI score0.00455EPSS

CVE•added 2019/11/13 4:15 p.m.•33 views

CVE-2014-3592

OpenShift Origin: Improperly validated team names could allow stored XSS attacks

6.1CVSS5.9AI score0.00341EPSS