Vulmon
openshift vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-37947
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openshift Login
7.8
CVSSv3
CVE-2019-19349
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Redhat Openshift 4.0
7
CVSSv3
CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-oper...
Redhat Openshift 4.0
5.5
CVSSv3
CVE-2014-0084
Ruby gem openshift-origin-node prior to 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
Redhat Openshift Origin
6.5
CVSSv3
CVE-2022-36906
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified username and password.
Jenkins Openshift Deployer
6.5
CVSSv3
CVE-2022-36907
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
Jenkins Openshift Deployer
6.5
CVSSv3
CVE-2022-36908
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows malicious users to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenk...
Jenkins Openshift Deployer
6.5
CVSSv3
CVE-2022-36909
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenk...
Jenkins Openshift Deployer
NA
CVE-2012-5622
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote malicious users to hijack the authentication of arbitrary users via unspecified vectors.
Redhat Openshift 0.0.5
3.5
CVSSv3
CVE-2017-7517
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it, another user can then create a project ca...
Redhat Openshift 3.0