Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2013-0163
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
Redhat Openshift 1.0
Redhat Openshift 2.0
7
CVSSv3
CVE-2019-19351
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-...
Redhat Openshift 3.11
Redhat Openshift 4.0
5.3
CVSSv3
CVE-2016-3703
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote malicious users to access API credentials in the web browser localStorage via an ...
Redhat Openshift 3.1
Redhat Openshift 3.2
NA
CVE-2012-5646
node-util/www/html/restorer.php in the Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
NA
CVE-2012-5658
rhc-chk.rb in Red Hat OpenShift Origin prior to 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent malicious users to obtain sensitive information, as demonstrated by including log files or Bugzilla...
Redhat Openshift
Redhat Openshift Origin 1.0.5
4.4
CVSSv3
CVE-2019-19335
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned wo...
Redhat Openshift 4.2
Redhat Openshift 4.0
NA
CVE-2013-0164
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin prior to 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Redhat Openshift
Redhat Openshift Origin 1.0.5
8.8
CVSSv3
CVE-2014-0163
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
Redhat Openshift 1.0
Redhat Openshift 2.0
8
CVSSv3
CVE-2023-1260
An authentication bypass vulnerability exists in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need ...
Kubernetes Kube-apiserver -
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.13
6.5
CVSSv3
CVE-2020-14336
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an malicious user to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest thre...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.5.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »