Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift 3.11 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-10715
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an malicious user to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the...
Redhat Openshift 3.11
Redhat Openshift
4.6
CVSSv2
CVE-2020-1709
A vulnerability was found in all openshift/mediawiki 4.x.x versions before 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and esca...
Redhat Openshift 3.11
Redhat Openshift
4.6
CVSSv2
CVE-2019-19345
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions before 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /e...
Redhat Openshift 3.11
Redhat Openshift
4.4
CVSSv2
CVE-2019-19351
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-...
Redhat Openshift 3.11
Redhat Openshift 4.0
4.6
CVSSv2
CVE-2019-19350
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Redhat Openshift 3.11
Redhat Openshift 4.0
5
CVSSv2
CVE-2019-3884
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
Redhat Openshift 3.7
Redhat Openshift 3.6
Redhat Openshift 3.8
Redhat Openshift 3.9
Redhat Openshift 3.10
Redhat Openshift 3.11
Redhat Openshift 4.1
6.5
CVSSv2
CVE-2019-10225
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the valu...
Redhat Openshift 4.2
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
6
CVSSv2
CVE-2020-10752
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuth...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
6.5
CVSSv2
CVE-2019-14819
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
5.8
CVSSv2
CVE-2019-10176
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »