VYPR

Openshift

by Red Hat

CVEs (144)

  • CVE-2016-0789 | Medium | Apr 7, 2016
    risk 0.33 | CVSS 6.1 | EPSS 0.02

    CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
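Added example for the bug class above (HTTP response splitting). It is not Jenkins code, and because the advisory does not name the affected header, a redirect target in a Location header is assumed as the carrier. It shows how a CRLF inside a header value turns one response into two for anything downstream that parses the stream, and the header setter check that stops it.

```python
"""CRLF injection into a response header, and the check that closes it.

Added illustration; not Jenkins code. The 'Location' header is an assumed
carrier, since the advisory does not name the affected header.
"""
from typing import Dict, List, Tuple

CRLF = "\r\n"

# Constructed attacker input: a redirect target carrying CRLFs that close
# the first response and start a second, attacker-authored one.
INJECTED_LOCATION = (
    "/docs"
    "\r\nContent-Length: 0"
    "\r\n\r\n"
    "HTTP/1.1 200 OK"
    "\r\nContent-Type: text/html"
    "\r\nContent-Length: 25"
    "\r\n\r\n"
    "<script>alert(1)</script>"
)


def render_response_unsafe(status: str, headers: Dict[str, str], body: str) -> str:
    """Serialise a response, copying header values verbatim (the bug)."""
    lines = [f"HTTP/1.1 {status}"] + [f"{k}: {v}" for k, v in headers.items()]
    return CRLF.join(lines) + CRLF + CRLF + body


def parse_stream(raw: str) -> List[Tuple[str, Dict[str, str], str]]:
    """Split a raw stream into responses the way a simple proxy or cache
    would: headers up to the blank line, then Content-Length bytes of body,
    then whatever follows is parsed as the next response."""
    responses = []
    rest = raw
    while rest:
        head, sep, rest = rest.partition(CRLF + CRLF)
        if not sep or not head.strip():
            break
        status_line, *header_lines = head.split(CRLF)
        headers: Dict[str, str] = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body, rest = rest[:length], rest[length:]
        responses.append((status_line, headers, body))
    return responses


def header_value_is_safe(value: str) -> bool:
    """Reject CR, LF and every other control character: a header value
    must never be able to end the line it lives on."""
    return not any(ch in "\r\n" or ord(ch) < 0x20 or ch == "\x7f" for ch in value)


def set_header(headers: Dict[str, str], name: str, value: str) -> None:
    """Hardened setter: validate before the value reaches the serialiser."""
    if not header_value_is_safe(value):
        raise ValueError(f"refusing header {name!r}: control characters in value")
    headers[name] = value


if __name__ == "__main__":
    raw = render_response_unsafe("302 Found", {"Location": INJECTED_LOCATION}, "")
    for status, _, body in parse_stream(raw):
        print(status, repr(body))
```

The unsafe serialiser emits two responses from one; a cache or proxy that pairs responses with queued requests would hand the attacker's 200 page to the next client. Filtering at the setter rather than at the output is deliberate: the check then covers every code path that sets a header, not just the one that was noticed.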

  • CVE-2017-15137 | Medium | Jul 16, 2018
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    The OpenShift image import whitelist failed to enforce its restrictions correctly for some commands, such as "oc tag". This could allow a user with access to OpenShift to run images from registries that should not have been allowed.
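Added example (illustrative, not OpenShift's implementation): a registry allow-list check for image references that follows the Docker reference convention for the implicit docker.io registry, rejects lookalike hosts, and is applied through one chokepoint so that "oc tag" and an explicit import cannot be policed differently. The allow-list contents and the "*." wildcard convention are assumptions for the example.

```python
"""Registry allow-list check for image imports.

Added example; not OpenShift code. The allow-list below and its '*.'
wildcard convention are assumptions. IPv6 literal hosts are not handled.
"""
from typing import Iterable

DEFAULT_REGISTRY = "docker.io"

# Constructed policy: registries from which imports are permitted.
ALLOWLIST = ["registry.redhat.io", "quay.io", "*.corp.example.com", "localhost:5000"]


def registry_of(image_ref: str) -> str:
    """Registry host[:port] of an image reference, following the Docker
    reference convention: the first path component is a registry only if it
    contains a '.' or ':' or is 'localhost'; otherwise the image lives on
    docker.io ('nginx', 'library/nginx')."""
    first, slash, _ = image_ref.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return DEFAULT_REGISTRY


def _entry_matches(entry: str, registry: str) -> bool:
    host, _, port = registry.partition(":")
    entry_host, _, entry_port = entry.partition(":")
    if entry_port and entry_port != port:
        return False  # entry pins a port; the registry uses a different one
    if entry_host.startswith("*."):
        # Wildcard matches subdomains only, never the apex itself.
        return host.endswith(entry_host[1:]) and host != entry_host[2:]
    return host == entry_host  # exact match: 'quay.io.evil.example' is rejected


def registry_allowed(registry: str, allowlist: Iterable[str]) -> bool:
    return any(_entry_matches(e.lower(), registry) for e in allowlist)


def import_allowed(image_ref: str, allowlist: Iterable[str] = ALLOWLIST) -> bool:
    """The single chokepoint every import path should call."""
    return registry_allowed(registry_of(image_ref), allowlist)


def enforce_import(verb: str, image_ref: str, allowlist: Iterable[str] = ALLOWLIST) -> str:
    """Apply the policy regardless of which command requested the import
    ('tag', 'import-image', ...), and return the registry that was checked."""
    reg = registry_of(image_ref)
    if not registry_allowed(reg, allowlist):
        raise PermissionError(f"{verb}: registry {reg!r} is not in the import allow-list")
    return reg


if __name__ == "__main__":
    for ref in ("nginx", "quay.io/openshift/origin:v3.9", "quay.io.evil.example/a/b"):
        print(ref, "->", registry_of(ref), "allowed" if import_allowed(ref) else "denied")
```

The bare 'nginx' case matters: an allow-list that only compares the literal host in the reference silently permits docker.io, because no host is written there at all.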

  • CVE-2016-9592 | Medium | Apr 16, 2018
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    OpenShift before 3.3.1.11, 3.2.1.23 and 3.4 is vulnerable to a flaw in which a volume that fails to detach causes the delete operation to fail with a 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of…

  • CVE-2016-3725 | Medium | May 17, 2016
    risk 0.28 | CVSS 4.3 | EPSS 0.02

    Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).

  • CVE-2016-3723 | Medium | May 17, 2016
    risk 0.28 | CVSS 4.3 | EPSS 0.02

    Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.

  • CVE-2016-3722 | Medium | May 17, 2016
    risk 0.28 | CVSS 4.3 | EPSS 0.02

    Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."

  • CVE-2016-3721 | Medium | May 17, 2016
    risk 0.28 | CVSS 4.3 | EPSS 0.02

    Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.

  • CVE-2015-7528 | Medium | Apr 11, 2016
    risk 0.28 | CVSS 5.3 | EPSS 0.02

    Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.

  • CVE-2015-0238 | Low | Sep 26, 2017
    risk 0.21 | CVSS 3.3 | EPSS 0.00

    selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

  • CVE-2016-3711 | Low | Jun 8, 2016
    risk 0.21 | CVSS 3.3 | EPSS 0.00

    HAProxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

  • CVE-2016-3727 | Medium | May 17, 2016
    risk 0.21 | CVSS 4.3 | EPSS 0.02

    The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

  • CVE-2016-8651 | Low | Aug 1, 2018
    risk 0.20 | CVSS 3.1 | EPSS 0.01

    An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained…

  • CVE-2015-7561 | Low | Aug 7, 2017
    risk 0.13 | CVSS 3.1 | EPSS 0.01

    Kubernetes in OpenShift 3 allows remote authenticated users to use other users' private images if they know the image's name.

  • CVE-2013-2060 | Jan 28, 2020
    risk 0.02 | CVSS n/a | EPSS 0.06

    The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
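Added example for this bug class (not OpenShift Origin's code; the real function invoked a download tool, which is replaced here by "echo" so the example runs offline and writes nothing): the shell-interpolated download beside the argv form that closes the hole, with URL validation as a second, independent layer.

```python
"""Shell-metacharacter injection through a download URL, and the fix.

Added example; not OpenShift Origin code. 'echo' stands in for the real
download tool so the example runs offline and leaves no files behind.
"""
import re
import subprocess
from typing import List
from urllib.parse import urlsplit

# Constructed attacker input: a cart URL with a second command appended.
MALICIOUS_URL = "http://carts.example/app.tgz; echo INJECTED"
BENIGN_URL = "https://carts.example/app.tgz"
DEST = "/tmp/cart.tgz"  # assumed destination; 'echo' never writes to it


def download_unsafe(url: str, dest: str) -> List[str]:
    """The bug: the URL is interpolated into a shell command line, so ';'
    ends the download command and starts the attacker's. Returns the
    stdout lines so the effect can be inspected."""
    cmd = f"echo fetching {url} to {dest}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def download_argv(url: str, dest: str) -> List[str]:
    """Fix 1, the one that closes the hole: no shell. The URL is a single
    argv element and cannot become a second command. With a real client,
    pass '--' before the URL so a value starting with '-' is not read as
    an option."""
    argv = ["echo", "fetching", url, "to", dest]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


_URL_CHARS = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+$")  # RFC 3986 set


def validate_cart_url(url: str) -> str:
    """Fix 2, defence in depth: only http(s), only a URL with a host, only
    characters a URL may contain. This controls what the downloader is
    pointed at; it is not a substitute for dropping the shell, because
    several shell metacharacters ($, (, ), ;) are legal in URLs."""
    if not _URL_CHARS.match(url):
        raise ValueError("URL contains characters that are not valid in a URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if not parts.hostname:
        raise ValueError("URL has no host")
    return url


def download_safe(url: str, dest: str) -> List[str]:
    return download_argv(validate_cart_url(url), dest)


if __name__ == "__main__":
    print("shell :", download_unsafe(MALICIOUS_URL, DEST))
    print("argv  :", download_argv(MALICIOUS_URL, DEST))
```

Run stand-alone, the shell variant prints two lines (the second beginning with INJECTED) while the argv variant prints one line containing the whole malicious string as inert text; that difference is the entire fix.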

  • CVE-2024-9453 | Jul 4, 2025
    risk 0.00 | CVSS n/a | EPSS 0.00

    A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the…
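Added example (not Jenkins or OpenShift code; the log lines and the tokens in them are constructed dummies): a redaction filter for bearer tokens in a few common log shapes, plus a scan that a collector can run over lines before shipping them, since a token that reaches a central log store is exposed to everyone who can read that store.

```python
"""Redacting bearer tokens before log lines leave the host.

Added example; not Jenkins or OpenShift code. The log lines below are
constructed and the tokens in them are dummies.
"""
import re
from typing import List, Tuple

# A token is a run of base64url / JWT / OpenShift ('sha256~...') characters.
# The minimum length keeps ordinary prose such as 'bearer tokens' unmasked.
_TOKEN = r"([A-Za-z0-9\-._~+/]{16,}=*)"
TOKEN_PATTERNS = [
    re.compile(r"(?i)(bearer\s+)" + _TOKEN),          # Authorization header value
    re.compile(r"(?i)(\btoken=)" + _TOKEN),           # --token= / ?token= forms
    re.compile(r'(?i)("token"\s*:\s*")' + _TOKEN),    # JSON field
]

LOG_LINES = [  # constructed sample input
    'INFO  GET /api/json headers={"Authorization": "Bearer sha256~AbCdEf0123456789AbCdEf0123456789AbCdEf0123456789"}',
    'DEBUG oc login --token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzeXN0ZW0ifQ.c2lnbmF0dXJl --server=https://api.example.internal:6443',
    'INFO  bearer tokens are cached for 60s',
    'INFO  build openshift-sync/1 started',
]


def mask(token: str) -> str:
    """Keep a 4-character prefix for correlation, drop the rest."""
    return f"{token[:4]}<redacted {len(token)} chars>"


def redact_line(line: str) -> Tuple[str, int]:
    """Return the redacted line and how many tokens were masked."""
    total = 0
    for pattern in TOKEN_PATTERNS:
        line, n = pattern.subn(lambda m: m.group(1) + mask(m.group(2)), line)
        total += n
    return line, total


def scan(lines: List[str]) -> List[int]:
    """Indexes of lines that still carry a token. Run this over what the
    collector is about to ship, not only over what the application writes:
    the advisory's point is that the damage is done once logs are central."""
    return [i for i, line in enumerate(lines) if redact_line(line)[1] > 0]


if __name__ == "__main__":
    for line in LOG_LINES:
        print(redact_line(line))
```

The prefix that survives masking ("sha2", "eyJh") identifies the token type for triage without being usable; if correlation between log lines is needed, log a hash of the token instead of any part of it.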

  • CVE-2024-7079 | Jul 24, 2024
    risk 0.00 | CVSS n/a | EPSS 0.00

    A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to…

  • CVE-2023-5408 | Nov 2, 2023
    risk 0.00 | CVSS n/a | EPSS 0.01

    A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server in OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader…
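Added example (not OpenShift's implementation; the protected and kubelet-settable label sets are modelled on upstream Kubernetes' NodeRestriction admission plugin and are an assumption here): the admission decision for a kubelet relabelling its own Node object, and how an accepted node-role label would change where a control-plane nodeSelector lands workloads.

```python
"""Node self-labelling restriction, and what it protects.

Added example; not OpenShift code. The label sets below follow upstream
Kubernetes' NodeRestriction plugin as an assumption for this illustration.
"""
from typing import Dict, List, Set, Tuple

Labels = Dict[str, str]

PROTECTED_PREFIXES = ("node-role.kubernetes.io/", "node-restriction.kubernetes.io/")
KUBELET_LABELS = {
    "kubernetes.io/hostname", "kubernetes.io/arch", "kubernetes.io/os",
    "beta.kubernetes.io/arch", "beta.kubernetes.io/os",
    "beta.kubernetes.io/instance-type", "node.kubernetes.io/instance-type",
    "failure-domain.beta.kubernetes.io/region", "failure-domain.beta.kubernetes.io/zone",
    "topology.kubernetes.io/region", "topology.kubernetes.io/zone",
}
KUBELET_LABEL_NAMESPACES = ("kubelet.kubernetes.io/", "node.kubernetes.io/")


def in_kubernetes_namespace(key: str) -> bool:
    prefix = key.split("/", 1)[0] if "/" in key else ""
    return prefix in ("kubernetes.io", "k8s.io") or prefix.endswith((".kubernetes.io", ".k8s.io"))


def kubelet_may_set(key: str) -> bool:
    """Role labels are never kubelet-settable; inside the kubernetes.io
    namespace only an explicit list is; vendor labels (example.com/...) are."""
    if key.startswith(PROTECTED_PREFIXES):
        return False
    if key in KUBELET_LABELS or key.startswith(KUBELET_LABEL_NAMESPACES):
        return True
    return not in_kubernetes_namespace(key)


def changed_keys(old: Labels, new: Labels) -> Set[str]:
    """Keys added, removed or altered; removal of a role label counts too."""
    return {k for k in set(old) | set(new) if old.get(k) != new.get(k)}


def admit_node_update(username: str, node_name: str, old: Labels, new: Labels) -> Tuple[bool, str]:
    """Decision a NodeRestriction-style check makes for a Node update
    submitted with a kubelet identity (system:node:<name>)."""
    if username != f"system:node:{node_name}":
        return False, f"{username} may only modify its own Node object"
    for key in sorted(changed_keys(old, new)):
        if not kubelet_may_set(key):
            return False, f"label {key!r} may not be set by a kubelet"
    return True, "ok"


def nodes_matching(selector: Labels, nodes: Dict[str, Labels]) -> List[str]:
    """Where a workload carrying this nodeSelector could be scheduled."""
    return sorted(n for n, l in nodes.items() if all(l.get(k) == v for k, v in selector.items()))


# Constructed cluster: one control-plane node and one worker.
NODES = {
    "master-0": {"kubernetes.io/hostname": "master-0", "node-role.kubernetes.io/master": ""},
    "worker-1": {"kubernetes.io/hostname": "worker-1", "node-role.kubernetes.io/worker": ""},
}
CONTROL_PLANE_SELECTOR = {"node-role.kubernetes.io/master": ""}

if __name__ == "__main__":
    # A compromised worker-1 kubelet tries to claim the master role.
    attacker = {**NODES["worker-1"], "node-role.kubernetes.io/master": ""}
    print(admit_node_update("system:node:worker-1", "worker-1", NODES["worker-1"], attacker))
    print("without the check:", nodes_matching(CONTROL_PLANE_SELECTOR, {**NODES, "worker-1": attacker}))
```

The second print is the escalation in one line: once the relabel is accepted, anything pinned to control-plane nodes by that selector becomes schedulable on the attacker's worker.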

  • CVE-2022-4145 | Oct 5, 2023
    risk 0.00 | CVSS n/a | EPSS 0.01

    A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.

  • CVE-2023-3089 | Jul 5, 2023
    risk 0.00 | CVSS n/a | EPSS 0.00

    A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

  • CVE-2023-0056 | Mar 23, 2023
    risk 0.00 | CVSS n/a | EPSS 0.02

    An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

Page 3 of 8