OpenShift vulnerabilities and exploits

NA
CVE-2014-0163

OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands....

NA
CVE-2013-2095

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command injection...

NA
CVE-2013-0163

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS...

5.5
CVSSv2
CVE-2013-2103

OpenShift cartridge allows remote URL retrieval...

2.1
CVSSv2
CVE-2014-0084

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly....

6.4
CVSSv2
CVE-2012-6135

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process....

4.6
CVSSv2
CVE-2014-0023

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution...

4.3
CVSSv2
CVE-2014-3592

OpenShift Origin: Improperly validated team names could allow stored XSS attacks...

4.3
CVSSv2
CVE-2013-5123

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks....

7.5
CVSSv2
CVE-2013-0165

cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp....