Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift
(Redhat)| Repositories |
• https://github.com/openshift/origin-server
• https://github.com/opencontainers/runc • https://github.com/jenkinsci/jenkins • https://github.com/libarchive/libarchive • https://github.com/php/php-src |
| #Vulnerabilities | 140 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-18 | CVE-2019-19335 | During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. | Openshift | 4.4 | ||
| 2020-03-18 | CVE-2019-19351 | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | Openshift | 7.0 | ||
| 2020-03-18 | CVE-2019-19355 | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | Openshift | 7.0 | ||
| 2020-03-20 | CVE-2019-19345 | A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | Openshift | 7.8 | ||
| 2022-06-30 | CVE-2013-4561 | In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | Openshift | 9.1 | ||
| 2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. | Agile_product_lifecycle_management, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager_base_platform, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Flexcube_private_banking, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_customer_insights, Retail_open_commerce_platform, Retail_order_broker, Retail_predictive_application_server, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Utilities_network_management_system, Weblogic_server, Openshift, Spring_framework | 6.5 | ||
| 2018-04-24 | CVE-2018-1059 | The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. | Ubuntu_linux, Data_plane_development_kit, Ceph_storage, Enterprise_linux, Enterprise_linux_fast_datapath, Openshift, Openstack, Virtualization, Virtualization_manager | 6.1 | ||
| 2018-07-13 | CVE-2018-10875 | A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | Ubuntu_linux, Debian_linux, Ansible_engine, Ceph_storage, Gluster_storage, Openshift, Openstack, Virtualization, Virtualization_host, Package_hub | 7.8 | ||
| 2017-08-07 | CVE-2015-7561 | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | Kubernetes, Openshift | 3.1 | ||
| 2021-03-24 | CVE-2019-19350 | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | Openshift | 7.8 |