Search results for "RedhatOpenshift"

21 matches found

CVE-2023-0296 (added 2023/01/17 9:15 p.m.)

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new po...

CVSS 5.3 | AI score 6.7 | EPSS 0.38333
CVE-2016-0790 (added 2016/04/07 11:59 p.m.)

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVSS 5.3 | AI score 6.8 | EPSS 0.00115
CVE-2013-5123 (added 2019/11/05 10:15 p.m.)

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

CVSS 5.9 | AI score 5.4 | EPSS 0.12863
CVE-2019-3884 (added 2019/08/01 2:15 p.m.)

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

CVSS 5.4 | AI score 5.5 | EPSS 0.00111
CVE-2019-14845 (added 2019/10/08 7:15 p.m.)

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.

CVSS 5.7 | AI score 5.1 | EPSS 0.00043
CVE-2016-3725 (added 2016/05/17 2:08 p.m.)

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).

CVSS 5 | AI score 5.2 | EPSS 0.00135
CVE-2014-3661 (added 2014/10/16 7:55 p.m.)

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.

CVSS 5 | AI score 7.8 | EPSS 0.00124
CVE-2014-3662 (added 2014/10/16 7:55 p.m.)

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

CVSS 5 | AI score 7.9 | EPSS 0.00063
CVE-2017-15137 (added 2018/07/16 8:29 p.m.)

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.

CVSS 5.3 | AI score 5.3 | EPSS 0.00167
CVE-2015-5322 (added 2015/11/25 8:59 p.m.)

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

CVSS 5 | AI score 8.3 | EPSS 0.00229
CVE-2015-7528 (added 2016/04/11 9:59 p.m.)

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.

CVSS 5.3 | AI score 5.1 | EPSS 0.00366
CVE-2015-5320 (added 2015/11/25 8:59 p.m.)

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.

CVSS 5 | AI score 8.5 | EPSS 0.00154
CVE-2015-5324 (added 2015/11/25 8:59 p.m.)

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.

CVSS 5 | AI score 8 | EPSS 0.00209
CVE-2015-5321 (added 2015/11/25 8:59 p.m.)

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

CVSS 5 | AI score 8.1 | EPSS 0.00154
CVE-2013-0163 (added 2019/12/05 3:15 p.m.)

OpenShift haproxy cartridge: predictable /tmp path in the set-proxy connection hook, which could facilitate a DoS.

CVSS 5.5 | AI score 5.5 | EPSS 0.00122
CVE-2016-3703 (added 2016/06/08 5:59 p.m.)

Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query...

CVSS 5.3 | AI score 5.6 | EPSS 0.00167
CVE-2015-5319 (added 2015/11/25 8:59 p.m.)

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.

CVSS 5 | AI score 8.2 | EPSS 0.00233
CVE-2016-2142 (added 2016/06/08 5:59 p.m.)

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.

CVSS 5.5 | AI score 5.3 | EPSS 0.00097
CVE-2017-7534 (added 2018/04/11 7:29 p.m.)

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to a lack of sanitization of user input, specifically terminal escape characters, combined with the automatic creation of clickable links when viewing the log files for a pod.

CVSS 5.4 | AI score 5.2 | EPSS 0.00168
CVE-2012-5647 (added 2013/02/24 9:55 p.m.)

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.

CVSS 5.8 | AI score 6.8 | EPSS 0.00475
CVE-2013-4281 (added 2022/10/19 6:15 p.m.)

In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

CVSS 5.5 | AI score 7 | EPSS 0.0002