Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv2
CVE-2020-35514
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own nod...
Redhat Openshift 4.7.0
Redhat Openshift
4.3
CVSSv2
CVE-2020-10715
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an malicious user to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the...
Redhat Openshift 3.11
Redhat Openshift
6.5
CVSSv2
CVE-2019-10225
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the valu...
Redhat Openshift Container Platform 3.11
Redhat Openshift 4.2
Redhat Openshift Container Platform 4.0
NA
CVE-2021-4294
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974...
Redhat Openshift Container Platform 4.0
Redhat Openshift Osin 1.0.1
Redhat Openshift Osin 1.0.0
3.5
CVSSv2
CVE-2019-3889
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 up to and including 3.7 and openshift-enterprise-3.9 up to and including 3.11. An attacker could use this flaw to steal authorization ...
Redhat Openshift Container Platform
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
7.5
CVSSv2
CVE-2012-5646
node-util/www/html/restorer.php in the Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
5.8
CVSSv2
CVE-2012-5647
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
4.4
CVSSv2
CVE-2019-19351
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-...
Redhat Openshift 3.11
Redhat Openshift 4.0
NA
CVE-2023-0229
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restr...
Redhat Openshift 4.11
Redhat Openshift 4.12
2.1
CVSSv2
CVE-2012-5658
rhc-chk.rb in Red Hat OpenShift Origin prior to 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent malicious users to obtain sensitive information, as demonstrated by including log files or Bugzilla...
Redhat Openshift
Redhat Openshift Origin 1.0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »