VYPR

OpenShift

by Red Hat

CVEs (144)

  • CVE-2020-10715 | Sep 16, 2020
    risk 0.00 | cvss | epss 0.01

    A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the…

  • CVE-2020-10706 | May 12, 2020
    risk 0.00 | cvss | epss 0.00

    A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into…

  • CVE-2020-1741 | Apr 24, 2020
    risk 0.00 | cvss | epss 0.01

    A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could…

  • CVE-2019-19346 | Apr 2, 2020
    risk 0.00 | cvss | epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and…

  • CVE-2019-19345 | Mar 20, 2020
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify…

  • CVE-2020-1709 | Mar 20, 2020
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and…

  • CVE-2019-19355 | Mar 18, 2020
    risk 0.00 | cvss | epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the…

  • CVE-2019-19351 | Mar 18, 2020
    risk 0.00 | cvss | epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the…

  • CVE-2019-19335 | Mar 18, 2020
    risk 0.00 | cvss | epss 0.00

    During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned…

  • CVE-2019-14819 | Jan 7, 2020
    risk 0.00 | cvss | epss 0.01

    A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges…

  • CVE-2014-0163 | Dec 11, 2019
    risk 0.00 | cvss | epss 0.02

    OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands.

  • CVE-2013-2103 | Dec 3, 2019
    risk 0.00 | cvss | epss 0.01

    OpenShift cartridge allows remote URL retrieval

  • CVE-2019-10213 | Nov 25, 2019
    risk 0.00 | cvss | epss 0.01

    OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been…

  • CVE-2014-0023 | Nov 15, 2019
    risk 0.00 | cvss | epss 0.00

    OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

  • CVE-2014-3592 | Nov 13, 2019
    risk 0.00 | cvss | epss 0.01

    OpenShift Origin: Improperly validated team names could allow stored XSS attacks

  • CVE-2013-0165 | Nov 1, 2019
    risk 0.00 | cvss | epss 0.01

    cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.

  • CVE-2019-14845 | Oct 8, 2019
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.

  • CVE-2019-10176 | Aug 2, 2019
    risk 0.00 | cvss | epss 0.01

    A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use…

  • CVE-2019-3884 | Aug 1, 2019
    risk 0.00 | cvss | epss 0.01

    A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

  • CVE-2019-10165 | Jul 30, 2019
    risk 0.00 | cvss | epss 0.00

    OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

Page 5 of 8