Lucene search: RedhatOpenshift

11 matches found

CVE-2016-5766 (CVE; added 2016/08/07 10:59 a.m.; 426 views)

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibl...

CVSS 8.8 | AI score 8.2 | EPSS 0.14671
CVE-2021-20182 (CVE; added 2021/02/23 10:15 p.m.; 168 views)

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as th...

CVSS 8.8 | AI score 9 | EPSS 0.0053
CVE-2021-4125 (CVE; added 2022/08/24 4:15 p.m.; 153 views)

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

CVSS 8.1 | AI score 9.4 | EPSS 0.94358
CVE-2018-1102 (CVE; added 2018/04/30 7:29 p.m.; 113 views)

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

CVSS 8.8 | AI score 8.4 | EPSS 0.01331
CVE-2022-3262 (CVE; added 2022/12/08 4:15 p.m.; 68 views)

A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.

CVSS 8.1 | AI score 7.8 | EPSS 0.00348
CVE-2015-7538 (CVE; added 2016/02/03 6:59 p.m.; 58 views)

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.

CVSS 8.8 | AI score 7.8 | EPSS 0.00195
CVE-2015-7537 (CVE; added 2016/02/03 6:59 p.m.; 56 views)

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

CVSS 8.8 | AI score 8.4 | EPSS 0.00179
CVE-2016-7075 (CVE; added 2018/09/10 2:29 p.m.; 47 views)

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

CVSS 8.1 | AI score 8 | EPSS 0.00301
CVE-2016-3738 (CVE; added 2016/06/08 5:59 p.m.; 38 views)

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

CVSS 8.8 | AI score 8.3 | EPSS 0.01035
CVE-2015-5222 (CVE; added 2015/08/24 2:59 p.m.; 37 views)

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.

CVSS 8.5 | AI score 7.4 | EPSS 0.00471
CVE-2013-2103 (CVE; added 2019/12/03 2:15 p.m.; 36 views)

OpenShift cartridge allows remote URL retrieval

CVSS 8.1 | AI score 8.1 | EPSS 0.00305