Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift
(Redhat)| Repositories |
• https://github.com/openshift/origin-server
• https://github.com/opencontainers/runc • https://github.com/jenkinsci/jenkins • https://github.com/libarchive/libarchive • https://github.com/php/php-src |
| #Vulnerabilities | 139 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-19 | CVE-2012-6685 | Nokogiri before 1.5.4 is vulnerable to XXE attacks | Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openshift, Openstack, Openstack_foreman, Satellite, Subscription_asset_manager | N/A | ||
| 2020-01-28 | CVE-2013-2060 | The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | Openshift | N/A | ||
| 2019-12-20 | CVE-2016-1000229 | swagger-ui has XSS in key names | Jboss_fuse, Openshift, Swagger\-Ui | N/A | ||
| 2016-09-21 | CVE-2016-5418 | The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | Libarchive, Linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Openshift | 7.5 | ||
| 2017-04-20 | CVE-2016-5409 | Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | Openshift | 7.5 | ||
| 2016-02-03 | CVE-2015-7539 | The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. | Jenkins, Openshift | 7.5 | ||
| 2016-02-03 | CVE-2015-7538 | Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. | Jenkins, Openshift | 8.8 | ||
| 2016-02-03 | CVE-2015-7537 | Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | Jenkins, Openshift | 8.8 | ||
| 2015-11-25 | CVE-2015-5326 | Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | Jenkins, Openshift | N/A | ||
| 2015-11-25 | CVE-2015-5325 | Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. | Jenkins, Openshift | N/A |