Product:

Openshift

(Redhat)
Date ID Summary Products Score Patch
2019-10-08 CVE-2019-14845 A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. Openshift N/A
2019-11-19 CVE-2012-6135 RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Passenger, Openshift N/A
2019-11-15 CVE-2014-0023 OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution Openshift N/A
2019-11-05 CVE-2013-5123 The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv N/A
2019-11-01 CVE-2013-0165 cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. Openshift N/A
2018-04-30 CVE-2018-1102 A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Openshift 8.8
2018-07-05 CVE-2018-10885 In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. Openshift 7.5
2018-03-09 CVE-2018-1069 Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. Openshift 7.1
2018-04-11 CVE-2017-7534 OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Openshift 5.4
2018-07-16 CVE-2017-15137 The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed. Openshift, Openshift_container_platform 5.3