Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4456
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
Redhat Openshift Logging
6.5
CVSSv2
CVE-2015-5274
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
Redhat Openshift 2.2
10
CVSSv2
CVE-2013-2060
The download_from_url function in OpenShift Origin allows remote malicious users to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
Redhat Openshift 1.0
5.5
CVSSv2
CVE-2013-2103
OpenShift cartridge allows remote URL retrieval
Redhat Openshift 1.0
4.4
CVSSv2
CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-oper...
Redhat Openshift 4.0
NA
CVE-2021-3703
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.
Redhat Openshift Serverless
4.3
CVSSv2
CVE-2013-0196
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an malicious user to obtain the credential and the Authorization: header when requesting the REST...
Redhat Openshift 1.2
2.1
CVSSv2
CVE-2014-0084
Ruby gem openshift-origin-node prior to 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
Redhat Openshift Origin
NA
CVE-2022-3259
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
Redhat Openshift 4.9
6.5
CVSSv2
CVE-2016-3738
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
Redhat Openshift 3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »