Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2020-1708
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running contain...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
Redhat Openshift Container Platform 4.3
5.9
CVSSv3
CVE-2021-4294
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974...
Redhat Openshift Container Platform 4.0
Redhat Openshift Osin 1.0.1
Redhat Openshift Osin 1.0.0
6.3
CVSSv3
CVE-2019-10225
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the valu...
Redhat Openshift 4.2
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
NA
CVE-2012-5647
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
NA
CVE-2012-5646
node-util/www/html/restorer.php in the Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
7.8
CVSSv3
CVE-2019-19350
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Redhat Openshift 3.11
Redhat Openshift 4.0
5.3
CVSSv3
CVE-2016-3703
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote malicious users to access API credentials in the web browser localStorage via an ...
Redhat Openshift 3.1
Redhat Openshift 3.2
5.5
CVSSv3
CVE-2013-0163
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
Redhat Openshift 1.0
Redhat Openshift 2.0
8.8
CVSSv3
CVE-2014-0163
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
Redhat Openshift 1.0
Redhat Openshift 2.0
NA
CVE-2012-5658
rhc-chk.rb in Red Hat OpenShift Origin prior to 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent malicious users to obtain sensitive information, as demonstrated by including log files or Bugzilla...
Redhat Openshift Origin 1.0.5
Redhat Openshift
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »