VYPR

OpenShift Enterprise

by Red Hat

Source repositories

CVEs (26)

  • CVE-2015-5222Aug 24, 2015
    risk 0.00cvss epss 0.03

    Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.

  • CVE-2014-0233Nov 16, 2014
    risk 0.00cvss epss 0.02

    Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.

  • CVE-2014-3674Nov 13, 2014
    risk 0.00cvss epss 0.02

    Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.

  • CVE-2014-3602Nov 13, 2014
    risk 0.00cvss epss 0.00

    Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.

  • CVE-2014-0164May 5, 2014
    risk 0.00cvss epss 0.00

    openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

  • CVE-2014-0188Apr 24, 2014
    risk 0.00cvss epss 0.02

    The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User…

Page 2 of 2