15 matches found

added 2019/11/05 10:15 p.m. | 86 views

CVE-2013-5123

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

5.9 CVSS | 5.4 AI score | 0.12863 EPSS

added 2014/01/03 6:54 p.m. | 77 views

CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

4.6 CVSS | 6.3 AI score | 0.00057 EPSS

added 2013/02/24 10:55 p.m. | 66 views

CVE-2012-5658

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

2.1 CVSS | 6.2 AI score | 0.00063 EPSS

added 2019/11/19 5:15 p.m. | 65 views

CVE-2012-6135

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

7.5 CVSS | 7.5 AI score | 0.01273 EPSS

added 2013/02/24 9:55 p.m. | 62 views

CVE-2012-5646

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

7.5 CVSS | 7.6 AI score | 0.00934 EPSS
Web

added 2013/02/24 10:55 p.m. | 60 views

CVE-2013-0164

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

3.6 CVSS | 6.2 AI score | 0.00056 EPSS

added 2019/12/13 1:15 p.m. | 57 views

CVE-2014-0175

mcollective has a default password set at install

9.8 CVSS | 9.5 AI score | 0.00601 EPSS

added 2022/10/19 6:15 p.m. | 55 views

CVE-2013-4253

The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat OpenShift 1, installs a default public key in the root user's authorized_keys file.

7.5 CVSS | 8.6 AI score | 0.00055 EPSS

added 2019/12/05 3:15 p.m. | 52 views

CVE-2013-0163

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

5.5 CVSS | 5.5 AI score | 0.00122 EPSS

added 2020/01/28 4:15 p.m. | 49 views

CVE-2013-2060

The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

10 CVSS | 9.7 AI score | 0.2201 EPSS

added 2013/02/24 9:55 p.m. | 46 views

CVE-2012-5647

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.

5.8 CVSS | 6.8 AI score | 0.00475 EPSS
Web

added 2019/12/11 4:15 p.m. | 46 views

CVE-2014-0163

OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands.

9 CVSS | 8.9 AI score | 0.01787 EPSS

added 2022/10/19 6:15 p.m. | 41 views

CVE-2013-4281

In Red Hat OpenShift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

5.5 CVSS | 7 AI score | 0.00021 EPSS

added 2018/01/08 7:29 p.m. | 41 views

CVE-2013-4364

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.

7.8 CVSS | 7.7 AI score | 0.00031 EPSS

added 2019/12/03 2:15 p.m. | 37 views

CVE-2013-2103

OpenShift cartridge allows remote URL retrieval

8.1 CVSS | 8.1 AI score | 0.00305 EPSS