Openshift Security Vulnerabilities and Issues — Openshift CVE List

Lucene search

RedhatOpenshift

4 matches found

CVE•added 2013/02/24 10:55 p.m.•63 views

CVE-2012-5658

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

2.1CVSS6.2AI score0.00063EPSS

CVE•added 2019/07/30 11:15 p.m.•52 views

CVE-2019-10165

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

2.3CVSS4AI score0.00059EPSS

CVE•added 2014/05/05 5:6 p.m.•51 views

CVE-2014-0164

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

2.1CVSS5.8AI score0.00037EPSS

CVE•added 2014/11/13 9:32 p.m.•47 views

CVE-2014-3602

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.

2.1CVSS6.1AI score0.00114EPSS