Redhat Openshift 2.0.5

5 matches found

CVE
added 2014/06/20 2:55 p.m., 63 views

CVE-2014-3496

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.

CVSS: 10, AI score: 7.6, EPSS: 0.05735
CVE
added 2014/05/05 5:6 p.m., 55 views

CVE-2014-0164

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

CVSS: 2.1, AI score: 5.8, EPSS: 0.00037
CVE
added 2014/04/24 2:55 p.m., 51 views

CVE-2014-0188

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request t...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00383
CVE
added 2014/11/13 9:32 p.m., 51 views

CVE-2014-3602

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.

CVSS: 2.1, AI score: 6.1, EPSS: 0.00114
CVE
added 2014/11/13 9:32 p.m., 48 views

CVE-2014-3674

Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.

CVSS: 7.5, AI score: 6.8, EPSS: 0.00542