VYPR

Openshift

by Red Hat

Source repositories

CVEs (144)

  • CVE-2017-1000376HigJun 19, 2017
    risk 0.46cvss 7.0epss 0.01

    libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be…

  • CVE-2016-3708HigJun 8, 2016
    risk 0.46cvss 7.1epss 0.01

    Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder…

  • CVE-2024-12085HigJan 14, 2025
    risk 0.43cvss 7.5epss 0.09

    A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a…

  • CVE-2018-14632HigSep 6, 2018
    risk 0.43cvss 7.7epss 0.02

    An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster…

  • CVE-2026-35092HigApr 1, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This…

  • CVE-2017-12195MedJul 27, 2018
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires…

  • CVE-2018-10885MedJul 5, 2018
    risk 0.42cvss 6.5epss 0.02

    In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.

  • CVE-2018-1070MedJun 12, 2018
    risk 0.42cvss 6.5epss 0.01

    routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router…

  • CVE-2016-5392MedAug 5, 2016
    risk 0.42cvss 6.5epss 0.02

    The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.

  • CVE-2016-2149MedJun 8, 2016
    risk 0.42cvss 6.5epss 0.02

    Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.

  • CVE-2016-3724MedMay 17, 2016
    risk 0.42cvss 6.5epss 0.02

    Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.

  • CVE-2015-7539HigFeb 3, 2016
    risk 0.42cvss 7.5epss 0.01

    The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.

  • CVE-2016-3726HigMay 17, 2016
    risk 0.41cvss 7.4epss 0.02

    Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

  • CVE-2016-2142MedJun 8, 2016
    risk 0.36cvss 5.5epss 0.00

    Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.

  • CVE-2025-14512MedDec 11, 2025
    risk 0.35cvss 6.5epss 0.01

    A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

  • CVE-2017-7534MedApr 11, 2018
    risk 0.35cvss 5.4epss 0.01

    OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.

  • CVE-2016-3703MedJun 8, 2016
    risk 0.35cvss 5.3epss 0.01

    Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an…

  • CVE-2016-0790MedApr 7, 2016
    risk 0.35cvss 5.3epss 0.02

    Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

  • CVE-2024-7128MedJul 26, 2024
    risk 0.34cvss 5.3epss 0.00

    A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks,…

  • CVE-2015-8945MedAug 5, 2016
    risk 0.33cvss 5.1epss 0.00

    openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.

Page 2 of 8