Vulmon
openshift vulnerabilities and exploits
7.5
CVSSv2
CVE-2012-5646
node-util/www/html/restorer.php in Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
5.8
CVSSv2
CVE-2012-5647
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin prior to 1.0.5-3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Redhat Openshift Origin
Redhat Openshift 1.0
2.1
CVSSv2
CVE-2012-5658
rhc-chk.rb in Red Hat OpenShift Origin prior to 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent malicious users to obtain sensitive information, as demonstrated by including log files or Bugzilla...
Redhat Openshift Origin 1.0.5
Redhat Openshift
7.2
CVSSv2
CVE-2013-4364
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
Redhat Openshift 1.0
Redhat Openshift 2.0
9
CVSSv2
CVE-2014-0163
OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands.
Redhat Openshift 1.0
Redhat Openshift 2.0
3.5
CVSSv2
CVE-2019-3889
A reflected XSS vulnerability exists in the authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 up to and including 3.7 and openshift-enterprise-3.9 up to and including 3.11. An attacker could use this flaw to steal authorization ...
Redhat Openshift Container Platform
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
NA
CVE-2023-1260
An authentication bypass vulnerability exists in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need ...
Kubernetes Kube-apiserver -
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.13
4
CVSSv2
CVE-2020-14336
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows a malicious user to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest thre...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.5.16
6.5
CVSSv2
CVE-2021-3344
A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use t...
Redhat Openshift Builder
Redhat Openshift Container Platform
6.8
CVSSv2
CVE-2015-7537
Cross-site request forgery (CSRF) vulnerability in Jenkins prior to 1.640 and LTS prior to 1.625.2 allows remote malicious users to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
Redhat Openshift 2.0
Redhat Openshift
Jenkins Jenkins