Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Openshift Subscribe

Filter

93 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3884 1 Redhat 1 Openshift 2019-10-09 5.0
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1...
CVE-2018-1102 1 Redhat 1 Openshift 2019-10-09 6.5
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
CVE-2018-1069 1 Redhat 1 Openshift 2019-10-09 5.4
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
CVE-2018-10885 1 Redhat 1 Openshift 2019-10-09 5.0
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift...
CVE-2017-7534 1 Redhat 1 Openshift 2019-10-09 3.5
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when...
CVE-2017-15137 1 Redhat 2 Openshift, Openshift Container Platform 2019-10-09 5.0
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
CVE-2016-9592 1 Redhat 1 Openshift 2019-10-09 4.0
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume,...
CVE-2016-8651 1 Redhat 2 Openshift, Openshift Container Platform 2019-10-09 2.7
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the...
CVE-2016-8631 1 Redhat 1 Openshift 2019-10-09 4.0
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
CVE-2016-7075 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2019-10-09 6.8
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted...
CVE-2019-6648 2 F5, Redhat 2 Container Ingress Service, Openshift 2019-10-09 1.9
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs...
CVE-2018-10875 3 Redhat, Debian, Suse 9 Ansible Engine, Openstack, Virtualization and 6 more 2019-07-25 7.5
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2018-1257 3 Pivotal Software, Redhat, Oracle 27 Spring Framework, Openshift, Agile Product Lifecycle Management and 24 more 2019-07-23 4.0
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging...
CVE-2018-14645 3 Haproxy, Redhat, Canonical 5 Haproxy, Openshift, Openshift Container Platform and 2 more 2019-07-23 5.0
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
CVE-2019-5736 10 Docker, Google, Linuxcontainers and 7 more 12 Docker, Kubernetes Engine, Lxc and 9 more 2019-06-03 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these...
CVE-2017-1000376 2 Redhat, Debian 4 Enterprise Virtualization Server, Enterprise Linux, Openshift and 1 more 2019-04-26 6.9
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi...
CVE-2016-5766 5 Freebsd, Debian, Libgd and 2 more 6 Debian Linux, Openshift, Enterprise Linux and 3 more 2019-04-22 6.8
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service...
CVE-2014-3681 2 Jenkins, Redhat 2 Openshift, Jenkins 2018-12-18 4.3
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0188 1 Redhat 1 Openshift 2018-12-11 7.5
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate...
CVE-2015-7501 1 Redhat 15 Data Grid, Jboss A-mq, Jboss Bpm Suite and 12 more 2018-10-17 10.0
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON)...