Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openshift container platform vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authe...
Kubernetes Kubernetes 1.16.0
Kubernetes Kubernetes
Kubernetes Kubernetes 1.15.4
Kubernetes Kubernetes 1.15.3
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
3.7
CVSSv3
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include so...
Redhat Openshift Container Platform 4.0
Redhat Openshift Machine-config-operator
8.8
CVSSv3
CVE-2019-0542
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
Xtermjs Xterm.js
Redhat Openshift Container Platform
7.8
CVSSv3
CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow...
Linux Linux Kernel
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.5
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.4
Redhat Enterprise Mrg 2.0
Netapp Cloud Backup -
Netapp Solidfire Baseboard Management Controller -
2 Github repositories
5.9
CVSSv3
CVE-2021-4294
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974...
Redhat Openshift Container Platform 4.0
Redhat Openshift Osin 1.0.1
Redhat Openshift Osin 1.0.0
7.2
CVSSv3
CVE-2019-1003004
An improper authorization vulnerability exists in Jenkins 2.158 and previous versions, LTS 2.150.1 and previous versions in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows malicious users to extend the duration of active HTTP sessions indefinit...
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
7.2
CVSSv3
CVE-2019-1003003
An improper authorization vulnerability exists in Jenkins 2.158 and previous versions, LTS 2.150.1 and previous versions in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies ...
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
6.5
CVSSv3
CVE-2018-1000864
A denial of service vulnerability exists in Jenkins 2.153 and previous versions, LTS 2.138.3 and previous versions in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
4.3
CVSSv3
CVE-2018-1000862
An information exposure vulnerability exists in Jenkins 2.153 and previous versions, LTS 2.138.3 and previous versions in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the dura...
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
8.2
CVSSv3
CVE-2018-1000863
A data modification vulnerability exists in Jenkins 2.153 and previous versions, LTS 2.138.3 and previous versions in User.java, IdStrategy.java that allows malicious users to submit crafted user names that can cause an improper migration of user record storage formats, potential...
Jenkins Jenkins
Redhat Openshift Container Platform 3.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »