Lucene search
K
RedhatOpenshift Origin

10 matches found

CVE
CVE
added 2013/02/24 10:0 p.m.85 views

CVE-2012-5658

OpenShift Origin before 1.1 is vulnerable: when running rhc-chk.rb with -d (debug mode), it writes passwords and other sensitive information in cleartext (e.g., in logs or support channels). The root cause is that the rhc-chk output is not redacted in debug mode. Red Hat’s RHSA-2013-0220 confirms...

2.1CVSS6.2AI score0.00359EPSS
CVE
CVE
added 2014/06/20 2:0 p.m.79 views

CVE-2014-3496

CVE-2014-3496 affects rubygem-openshift-origin-node in Red Hat OpenShift/OpenShift Origin. A command-injection flaw in cartridge_repository.rb allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with .tar.gz, .zip, .tgz, or .tar in a cartridge man...

10CVSS7.6AI score0.05085EPSS
CVE
CVE
added 2013/02/24 10:0 p.m.74 views

CVE-2013-0164

Affected product: Red Hat OpenShift Origin before 1.1. The CVE-2013-0164 issue resides in the lockwrap function of port-proxy/bin/openshift-port-proxy-cfg, which creates a temporary file in /tmp insecurely. This allows local users to overwrite arbitrary files via a symlink attack on a predictable...

3.6CVSS6.2AI score0.00365EPSS
CVE
CVE
added 2016/06/08 5:0 p.m.74 views

CVE-2016-2160

CVE-2016-2160 affects Red Hat OpenShift Enterprise 3.2 and OpenShift Origin. Affected component is the container-building process (sti builder image); the root cause is the ability for remote authenticated users to execute commands with root privileges by changing the root password during image c...

9CVSS8.8AI score0.0406EPSS
CVE
CVE
added 2013/02/24 9:0 p.m.73 views

CVE-2012-5646

CVE-2012-5646 affects Red Hat OpenShift Origin, specifically node-util/restorer.php (path: restorer.php) in the OpenShift Origin package, prior to version 1.0.5-3. A crafted uuid in the PATH_INFO enables remote attackers to execute arbitrary commands with the privileges of the application. The is...

7.5CVSS7.6AI score0.02204EPSS
CVE
CVE
added 2019/11/21 2:4 p.m.66 views

CVE-2014-0084

CVE-2014-0084 affects the Ruby gem openshift-origin-node prior to 2014-02-14, which does not enforce a cronjob timeout, potentially enabling a denial-of-service in cron.daily and cron.weekly. Public records in OSV/RH advisories reference the same issue (GHSA-756M-3QF2-HP58) and describe an improp...

5.5CVSS5.4AI score0.00311EPSS
CVE
CVE
added 2016/06/08 5:0 p.m.65 views

CVE-2016-3711

CVE-2016-3711 affects haproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin 3.2. The flaw allows local users to obtain the internal IP address of a pod by reading the OPENSHIFT_[namespace]_SERVERID cookie, an information-disclosure root cause in the HAProxy setup used by OpenShift. Imp...

3.3CVSS4.8AI score0.00355EPSS
CVE
CVE
added 2013/02/24 9:0 p.m.57 views

CVE-2012-5647

CVE-2012-5647 is an open redirect flaw in OpenShift Origin’s restorer.php (node-util), present before version 1.0.5-3. A remote attacker could craft a link to cause PATH_INFO parsing to redirect victims to an arbitrary site, enabling phishing. The issue is documented alongside CVE-2012-5646, with...

5.8CVSS6.8AI score0.01471EPSS
CVE
CVE
added 2015/09/08 3:0 p.m.56 views

CVE-2015-5250

CVE-2015-5250 affects the API server of OpenShift Origin 1.0.5. A remote attacker can trigger a denial of service (master process crash) by sending specially crafted JSON data. Root cause mentioned in public sources includes improper error handling in the API server. The issue is addressed in Red...

4CVSS6.5AI score0.01952EPSS
CVE
CVE
added 2019/11/13 3:33 p.m.44 views

CVE-2014-3592

CVE-2014-3592 affects OpenShift Origin where improperly validated team names can lead to stored XSS attacks. The linked records confirm the affected component is OpenShift Origin and describe the issue as a validation flaw for team name input that enables stored XSS. CVSS scores are provided (2.0...

6.1CVSS5.9AI score0.00655EPSS