Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift
(Redhat)| Repositories |
• https://github.com/openshift/origin-server
• https://github.com/opencontainers/runc • https://github.com/jenkinsci/jenkins • https://github.com/libarchive/libarchive • https://github.com/php/php-src |
| #Vulnerabilities | 139 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-12-11 | CVE-2013-7370 | node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | Debian_linux, Opensuse, Openshift, Connect | N/A | ||
| 2019-12-11 | CVE-2014-0163 | Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | Openshift | N/A | ||
| 2019-12-03 | CVE-2013-2103 | OpenShift cartridge allows remote URL retrieval | Openshift | N/A | ||
| 2019-12-05 | CVE-2013-0163 | OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | Openshift | N/A | ||
| 2019-11-19 | CVE-2012-6135 | RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | Passenger, Openshift | N/A | ||
| 2019-11-15 | CVE-2014-0023 | OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | Openshift | N/A | ||
| 2019-11-05 | CVE-2013-5123 | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv | N/A | ||
| 2018-07-05 | CVE-2018-10885 | In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. | Openshift | 7.5 | ||
| 2018-03-09 | CVE-2018-1069 | Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. | Openshift | 7.1 | ||
| 2018-04-11 | CVE-2017-7534 | OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. | Openshift | 5.4 |