Openshift Security Vulnerabilities and Issues — Openshift CVE List

Lucene search

RedhatOpenshift

5 matches found

CVE•added 2013/10/28 9:55 p.m.•171 views

CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

7.5CVSS7.8AI score0.90172EPSS

CVE•added 2013/02/24 10:55 p.m.•63 views

CVE-2012-5658

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

2.1CVSS6.2AI score0.00063EPSS

CVE•added 2013/02/24 9:55 p.m.•59 views

CVE-2012-5646

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

7.5CVSS7.6AI score0.00934EPSS

CVE•added 2013/02/24 10:55 p.m.•57 views

CVE-2013-0164

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

3.6CVSS6.2AI score0.00056EPSS

CVE•added 2013/02/24 9:55 p.m.•43 views

CVE-2012-5647

Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.

5.8CVSS6.8AI score0.00475EPSS