Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatOpenshift3.2

18 matches found

CVE
CVEadded 2018/04/30 7:29 p.m.113 views

CVE-2018-1102

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

8.8CVSS8.4AI score0.01331EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.89 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.

6.5CVSS6.5AI score0.00163EPSS
CVE
CVEadded 2016/09/21 2:25 p.m.85 views

CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

7.5CVSS7.5AI score0.05224EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.79 views

CVE-2016-3722

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."

4.3CVSS5.3AI score0.00237EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.78 views

CVE-2016-3723

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

4.3CVSS5AI score0.00064EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.76 views

CVE-2016-3725

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).

5CVSS5.2AI score0.00135EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.74 views

CVE-2016-3724

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

6.5CVSS6.2AI score0.00301EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.71 views

CVE-2016-3727

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

4.3CVSS5AI score0.00131EPSS
CVE
CVEadded 2016/06/08 5:59 p.m.61 views

CVE-2016-2160

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

9CVSS8.8AI score0.00614EPSS
CVE
CVEadded 2016/05/17 2:8 p.m.61 views

CVE-2016-3726

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

7.4CVSS7.3AI score0.00098EPSS
CVE
CVEadded 2016/06/08 5:59 p.m.51 views

CVE-2016-3703

Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query...

5.3CVSS5.6AI score0.00167EPSS
CVE
CVEadded 2016/06/08 5:59 p.m.50 views

CVE-2016-3711

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

3.3CVSS4.8AI score0.00119EPSS
CVE
CVEadded 2016/06/08 5:59 p.m.47 views

CVE-2016-2149

Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.

6.5CVSS6.6AI score0.00359EPSS
CVE
CVEadded 2018/09/10 2:29 p.m.47 views

CVE-2016-7075

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

8.1CVSS8AI score0.00301EPSS
CVE
CVEadded 2018/04/11 7:29 p.m.45 views

CVE-2017-7534

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

5.4CVSS5.2AI score0.00168EPSS
CVE
CVEadded 2016/06/08 5:59 p.m.41 views

CVE-2016-3708

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contain...

7.1CVSS7.2AI score0.00198EPSS
CVE
CVEadded 2016/06/08 5:59 p.m.38 views

CVE-2016-3738

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

8.8CVSS8.3AI score0.01035EPSS
CVE
CVEadded 2016/08/05 3:59 p.m.36 views

CVE-2016-5392

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.

6.8CVSS5.9AI score0.00337EPSS