Lucene search

Veracode Vulnerability DatabaseVERACODE:19792

HistoryMay 16, 2019 - 3:24 a.m.

Sandbox Restrictions Bypass

2019-05-1603:24:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.82. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2019:0327 Space precludes documenting all of the bug fixes in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages.

CPENameOperatorVersion
atomic-openshifteq3.10.72__1.git.0.3cb2fdc.el7
atomic-openshifteq3.9.68__1.git.0.76fd86e.el7
atomic-openshifteq3.5.5.31.80__1.git.0.c4a0780.el7
atomic-openshifteq3.3.1.20__1.git.0.71967e4.el7
atomic-openshifteq3.5.5.31.24__1.git.0.ff74e0b.el7
atomic-openshifteq3.3.1.3__1.git.0.86dc49a.el7
atomic-openshifteq3.5.5.31.66__1.git.0.b27a71b.el7
atomic-openshifteq3.1.1.11__3.git.26.629ff43.el7aos
atomic-openshifteq3.3.1.4__1.git.0.7c8657c.el7
atomic-openshifteq3.10.66__1.git.0.91d1e89.el7

Name	Operator	Version
atomic-openshift	eq	3.10.72__1.git.0.3cb2fdc.el7
atomic-openshift	eq	3.9.68__1.git.0.76fd86e.el7
atomic-openshift	eq	3.5.5.31.80__1.git.0.c4a0780.el7
atomic-openshift	eq	3.3.1.20__1.git.0.71967e4.el7
atomic-openshift	eq	3.5.5.31.24__1.git.0.ff74e0b.el7
atomic-openshift	eq	3.3.1.3__1.git.0.86dc49a.el7
atomic-openshift	eq	3.5.5.31.66__1.git.0.b27a71b.el7
atomic-openshift	eq	3.1.1.11__3.git.26.629ff43.el7aos
atomic-openshift	eq	3.3.1.4__1.git.0.7c8657c.el7
atomic-openshift	eq	3.10.66__1.git.0.91d1e89.el7

Rows per page:

1-10 of 5491

References

packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html

www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming

access.redhat.com/errata/RHBA-2019:0326

access.redhat.com/errata/RHBA-2019:0327

access.redhat.com/security/cve/CVE-2018-1000865

access.redhat.com/security/cve/CVE-2018-1000866

access.redhat.com/security/cve/CVE-2018-20102

access.redhat.com/security/cve/CVE-2018-20103

access.redhat.com/security/cve/CVE-2018-20615

access.redhat.com/security/cve/CVE-2019-1003000

access.redhat.com/security/cve/CVE-2019-1003001

access.redhat.com/security/cve/CVE-2019-1003002

access.redhat.com/security/cve/CVE-2019-1003003

access.redhat.com/security/cve/CVE-2019-1003004

access.redhat.com/security/cve/CVE-2019-1003010

access.redhat.com/security/cve/CVE-2019-1003011

access.redhat.com/security/cve/CVE-2019-1003012

access.redhat.com/security/cve/CVE-2019-1003013

access.redhat.com/security/cve/CVE-2019-1003014

access.redhat.com/security/cve/CVE-2019-3826

bugzilla.redhat.com/show_bug.cgi?id=1506736

bugzilla.redhat.com/show_bug.cgi?id=1598822

bugzilla.redhat.com/show_bug.cgi?id=1615719

bugzilla.redhat.com/show_bug.cgi?id=1623338

bugzilla.redhat.com/show_bug.cgi?id=1634302

bugzilla.redhat.com/show_bug.cgi?id=1635254

bugzilla.redhat.com/show_bug.cgi?id=1635613

bugzilla.redhat.com/show_bug.cgi?id=1642379

bugzilla.redhat.com/show_bug.cgi?id=1642929

bugzilla.redhat.com/show_bug.cgi?id=1651090

bugzilla.redhat.com/show_bug.cgi?id=1651632

bugzilla.redhat.com/show_bug.cgi?id=1655183

bugzilla.redhat.com/show_bug.cgi?id=1657019

bugzilla.redhat.com/show_bug.cgi?id=1659194

bugzilla.redhat.com/show_bug.cgi?id=1659441

bugzilla.redhat.com/show_bug.cgi?id=1659653

bugzilla.redhat.com/show_bug.cgi?id=1659976

bugzilla.redhat.com/show_bug.cgi?id=1660598

bugzilla.redhat.com/show_bug.cgi?id=1664753

bugzilla.redhat.com/show_bug.cgi?id=1665235

bugzilla.redhat.com/show_bug.cgi?id=1666820

bugzilla.redhat.com/show_bug.cgi?id=1667270

bugzilla.redhat.com/show_bug.cgi?id=1667618

bugzilla.redhat.com/show_bug.cgi?id=1668412

bugzilla.redhat.com/show_bug.cgi?id=1668828

bugzilla.redhat.com/show_bug.cgi?id=1668970

bugzilla.redhat.com/show_bug.cgi?id=1669019

bugzilla.redhat.com/show_bug.cgi?id=1669194

bugzilla.redhat.com/show_bug.cgi?id=1669439

bugzilla.redhat.com/show_bug.cgi?id=1669555

bugzilla.redhat.com/show_bug.cgi?id=1669984

bugzilla.redhat.com/show_bug.cgi?id=1670551

bugzilla.redhat.com/show_bug.cgi?id=1673178

jenkins.io/security/advisory/2019-01-08/#SECURITY-1266

www.exploit-db.com/exploits/46453/

www.exploit-db.com/exploits/46572/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Related for VERACODE:19792