Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift
(Redhat)| Repositories |
• https://github.com/openshift/origin-server
• https://github.com/opencontainers/runc • https://github.com/jenkinsci/jenkins • https://github.com/libarchive/libarchive • https://github.com/php/php-src |
| #Vulnerabilities | 140 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-08 | CVE-2015-5254 | Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | Activemq, Fedora, Openshift | 9.8 | ||
| 2018-04-16 | CVE-2016-9592 | openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit. | Openshift | 4.3 | ||
| 2018-09-21 | CVE-2018-14645 | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. | Ubuntu_linux, Haproxy, Enterprise_linux, Openshift, Openshift_container_platform | 7.5 | ||
| 2019-09-04 | CVE-2019-6648 | On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | Container_ingress_service, Openshift | 4.4 | ||
| 2020-04-02 | CVE-2019-19346 | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | Openshift | 7.0 | ||
| 2020-04-02 | CVE-2019-19348 | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | Openshift | 7.0 | ||
| 2017-06-19 | CVE-2017-1000376 | libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. | Debian_linux, Libffi, Peopletools, Enterprise_linux, Enterprise_virtualization_server, Openshift | 7.0 | ||
| 2019-08-01 | CVE-2019-3884 | A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | Openshift | 5.4 | ||
| 2012-12-18 | CVE-2012-5622 | Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | Openshift | N/A | ||
| 2013-02-24 | CVE-2012-5646 | node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. | Openshift, Openshift_origin | N/A |