Vulmon
redhat openshift container platform 3.11 vulnerabilities and exploits
9.9
CVSSv3
CVE-2019-1003031
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and previous versions in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
Jenkins Matrix Project
Redhat Openshift Container Platform 3.11
9.9
CVSSv3
CVE-2019-1003034
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and previous versions in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groo...
Jenkins Job Dsl
Redhat Openshift Container Platform 3.11
9.8
CVSSv3
CVE-2019-1003041
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and previous versions allows malicious users to invoke arbitrary constructors in sandboxed scripts.
Jenkins Pipeline: Groovy
Redhat Openshift Container Platform 3.11
9.8
CVSSv3
CVE-2019-3899
It was found that the default configuration of Heketi does not require any authentication, potentially exposing the management interface to misuse. This issue only affects heketi as shipped with Openshift Container Platform 3.11.
Redhat Openshift Container Platform 3.11
Heketi Project Heketi -
7.5
CVSSv3
CVE-2023-6476
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.13
Redhat Openshift Container Platform 4.14
8.8
CVSSv3
CVE-2019-10384
Jenkins 2.191 and previous versions, LTS 2.176.2 and previous versions allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
4.8
CVSSv3
CVE-2019-10383
A stored cross-site scripting vulnerability in Jenkins 2.191 and previous versions, LTS 2.176.2 and previous versions allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
6.5
CVSSv3
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authe...
Kubernetes Kubernetes 1.16.0
Kubernetes Kubernetes
Kubernetes Kubernetes 1.15.4
Kubernetes Kubernetes 1.15.3
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
7.1
CVSSv3
CVE-2022-2989
Incorrect handling of the supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio...
Podman Project Podman
Redhat Enterprise Linux 7.0
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 9.0
4.8
CVSSv3
CVE-2019-1003014
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and previous versions in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when ...
Jenkins Config File Provider
Redhat Openshift Container Platform 3.11