Date ID Summary Products Score Patch
2019-11-25 CVE-2019-10213 OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. Openshift_container_platform N/A
2019-11-25 CVE-2019-14891 A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. Fedora, Cri\-O, Openshift_container_platform N/A
2019-11-05 CVE-2019-10223 A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been... Kube\-State\-Metrics, Openshift_container_platform N/A
2019-04-01 CVE-2019-1002101 The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of... Kubernetes, Openshift_container_platform 5.5
2019-07-30 CVE-2019-10165 OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. Openshift_container_platform 2.3
2019-06-12 CVE-2019-10150 It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. Openshift_container_platform 5.9
2019-02-20 CVE-2019-1003024 A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. Script_security, Openshift_container_platform 8.8
2019-02-06 CVE-2019-1003014 An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. Config_file_provider, Openshift_container_platform 4.8
2019-02-06 CVE-2019-1003013 An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/,... Blue_ocean, Openshift_container_platform 5.4
2019-02-06 CVE-2019-1003012 A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/, blueocean-web/src/main/java/io/jenkins/blueocean/, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers... Blue_ocean, Openshift_container_platform 6.5