Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift container platform 3.11 vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2020-1741
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, coul...
Redhat Openshift Container Platform 3.11
5.9
CVSSv3
CVE-2019-10214
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne...
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.1
Skopeo Project Skopeo -
Buildah Project Buildah -
Libpod Project Libpod -
Opensuse Leap 15.1
5.9
CVSSv3
CVE-2019-10150
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
Redhat Openshift Container Platform
5.9
CVSSv3
CVE-2019-2684
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network ...
Oracle Jdk 11.0.2
Oracle Jdk 12
Oracle Jre 11.0.2
Oracle Jre 12
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Satellite 5.8
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
2 Github repositories
5.5
CVSSv3
CVE-2020-10763
An information-disclosure flaw was found in the way Heketi prior to 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
Heketi Project Heketi
Redhat Enterprise Linux 7.0
Redhat Gluster Storage 3.0
Redhat Openshift Container Platform 4.0
Redhat Gluster Storage 3.5
5.5
CVSSv3
CVE-2019-1002101
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container i...
Kubernetes Kubernetes
Kubernetes Kubernetes 1.14.0
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
3 Github repositories
5.5
CVSSv3
CVE-2018-18397
The userfaultfd implementation in the Linux kernel prior to 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains ho...
Linux Linux Kernel
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Eus 7.4
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Openshift Container Platform 3.11
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
5.4
CVSSv3
CVE-2019-10176
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
5.4
CVSSv3
CVE-2019-3889
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 up to and including 3.7 and openshift-enterprise-3.9 up to and including 3.11. An attacker could use this flaw to steal authorization ...
Redhat Openshift Container Platform
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
5.4
CVSSv3
CVE-2019-1003050
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and previous versions and Jenkins LTS 2.164.1 and previous versions, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Redhat Openshift Container Platform 3.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »