Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openshift vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2014-0163
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
Redhat Openshift 1.0
Redhat Openshift 2.0
NA
CVE-2023-0229
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restr...
Redhat Openshift 4.11
Redhat Openshift 4.12
312
VMScore
CVE-2016-3703
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote malicious users to access API credentials in the web browser localStorage via an ...
Redhat Openshift 3.1
Redhat Openshift 3.2
187
VMScore
CVE-2013-0163
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
Redhat Openshift 1.0
Redhat Openshift 2.0
641
VMScore
CVE-2013-4364
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
Redhat Openshift 1.0
Redhat Openshift 2.0
312
VMScore
CVE-2019-3889
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 up to and including 3.7 and openshift-enterprise-3.9 up to and including 3.11. An attacker could use this flaw to steal authorization ...
Redhat Openshift Container Platform
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
NA
CVE-2023-1260
An authentication bypass vulnerability exists in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need ...
Kubernetes Kube-apiserver -
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.13
356
VMScore
CVE-2020-14336
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an malicious user to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest thre...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.5.16
605
VMScore
CVE-2015-7537
Cross-site request forgery (CSRF) vulnerability in Jenkins prior to 1.640 and LTS prior to 1.625.2 allows remote malicious users to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
Redhat Openshift 2.0
Redhat Openshift
Jenkins Jenkins
605
VMScore
CVE-2015-7538
Jenkins prior to 1.640 and LTS prior to 1.625.2 allow remote malicious users to bypass the CSRF protection mechanism via unspecified vectors.
Jenkins Jenkins
Redhat Openshift
Redhat Openshift 2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »