Vulmon
openshift vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-36906
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified username and password.
Jenkins Openshift Deployer
6.5
CVSSv3
CVE-2022-36907
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
Jenkins Openshift Deployer
6.5
CVSSv3
CVE-2022-36908
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows malicious users to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenk...
Jenkins Openshift Deployer
6.5
CVSSv3
CVE-2022-36909
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and previous versions allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenk...
Jenkins Openshift Deployer
8.8
CVSSv3
CVE-2023-37946
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions does not invalidate the previous session on login.
Jenkins Openshift Login
6.1
CVSSv3
CVE-2023-37947
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openshift Login
5.3
CVSSv3
CVE-2015-3207
In Openshift Origin 3, the cookies set in the console lack the 'secure' and 'HttpOnly' attributes.
Openshift Origin 3.0.0
8.8
CVSSv3
CVE-2020-2167
Jenkins OpenShift Pipeline Plugin 1.0.56 and previous versions does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Jenkins Openshift Pipeline
3.3
CVSSv3
CVE-2015-0238
selinux-policy as packaged in Red Hat OpenShift 2 allows malicious users to obtain process listing information via a privilege escalation attack.
Redhat Openshift 2.0
6.5
CVSSv3
CVE-2019-1003080
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Openshift Deployer