Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2013-4253
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
Redhat Openshift 1.0
3 Github repositories
7.8
CVSSv3
CVE-2019-19349
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Redhat Openshift 4.0
7
CVSSv3
CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-oper...
Redhat Openshift 4.0
4.8
CVSSv3
CVE-2022-3260
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
Redhat Openshift 4.9
8.1
CVSSv3
CVE-2022-3262
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an malicious user to supply an incorrect name with the DNS search policy, affecting confidentiality and availabilit...
Redhat Openshift 4.9
6.5
CVSSv3
CVE-2019-1003080
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Openshift Deployer
6.5
CVSSv3
CVE-2019-1003081
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Openshift Deployer
6.1
CVSSv3
CVE-2014-3592
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
Redhat Openshift Origin
3.5
CVSSv3
CVE-2017-7517
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project ca...
Redhat Openshift 3.0
5.3
CVSSv3
CVE-2023-0296
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary ...
Redhat Openshift 4.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »