10 matches found
CVE-2012-5658
OpenShift Origin before 1.1 is vulnerable: when running rhc-chk.rb with -d (debug mode), it writes passwords and other sensitive information in cleartext (e.g., in logs or support channels). The root cause is that the rhc-chk output is not redacted in debug mode. Red Hat’s RHSA-2013-0220 confirms...
CVE-2014-3496
CVE-2014-3496 affects rubygem-openshift-origin-node in Red Hat OpenShift/OpenShift Origin. A command-injection flaw in cartridge_repository.rb allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with .tar.gz, .zip, .tgz, or .tar in a cartridge man...
CVE-2013-0164
Affected product: Red Hat OpenShift Origin before 1.1. The CVE-2013-0164 issue resides in the lockwrap function of port-proxy/bin/openshift-port-proxy-cfg, which creates a temporary file in /tmp insecurely. This allows local users to overwrite arbitrary files via a symlink attack on a predictable...
CVE-2016-2160
CVE-2016-2160 affects Red Hat OpenShift Enterprise 3.2 and OpenShift Origin. Affected component is the container-building process (sti builder image); the root cause is the ability for remote authenticated users to execute commands with root privileges by changing the root password during image c...
CVE-2012-5646
CVE-2012-5646 affects Red Hat OpenShift Origin, specifically node-util/restorer.php (path: restorer.php) in the OpenShift Origin package, prior to version 1.0.5-3. A crafted uuid in the PATH_INFO enables remote attackers to execute arbitrary commands with the privileges of the application. The is...
CVE-2014-0084
CVE-2014-0084 affects the Ruby gem openshift-origin-node prior to 2014-02-14, which does not enforce a cronjob timeout, potentially enabling a denial-of-service in cron.daily and cron.weekly. Public records in OSV/RH advisories reference the same issue (GHSA-756M-3QF2-HP58) and describe an improp...
CVE-2016-3711
CVE-2016-3711 affects haproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin 3.2. The flaw allows local users to obtain the internal IP address of a pod by reading the OPENSHIFT_[namespace]_SERVERID cookie, an information-disclosure root cause in the HAProxy setup used by OpenShift. Imp...
CVE-2012-5647
CVE-2012-5647 is an open redirect flaw in OpenShift Origin’s restorer.php (node-util), present before version 1.0.5-3. A remote attacker could craft a link to cause PATH_INFO parsing to redirect victims to an arbitrary site, enabling phishing. The issue is documented alongside CVE-2012-5646, with...
CVE-2015-5250
CVE-2015-5250 affects the API server of OpenShift Origin 1.0.5. A remote attacker can trigger a denial of service (master process crash) by sending specially crafted JSON data. Root cause mentioned in public sources includes improper error handling in the API server. The issue is addressed in Red...
CVE-2014-3592
CVE-2014-3592 affects OpenShift Origin where improperly validated team names can lead to stored XSS attacks. The linked records confirm the affected component is OpenShift Origin and describe the issue as a validation flaw for team name input that enables stored XSS. CVSS scores are provided (2.0...