Redhat

Openshift

163 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-19345

  • EPSS 0.04%
  • Published 20.03.2020 15:15:13
  • Last modified 21.11.2024 04:34:37

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container ...

7

CVE-2020-1707

  • EPSS 0.04%
  • Published 20.03.2020 15:15:13
  • Last modified 21.11.2024 05:11:12

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the containe...

7.8

CVE-2020-1709

  • EPSS 0.04%
  • Published 20.03.2020 15:15:13
  • Last modified 21.11.2024 05:11:12

A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this fla...

7

CVE-2019-19351

  • EPSS 0.11%
  • Published 18.03.2020 17:15:11
  • Last modified 21.11.2024 04:34:37

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the...

7

CVE-2019-19355

  • EPSS 0.11%
  • Published 18.03.2020 17:15:11
  • Last modified 21.11.2024 04:34:38

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific...

4.4

CVE-2019-19335

  • EPSS 0.1%
  • Published 18.03.2020 16:15:11
  • Last modified 21.11.2024 04:34:35

During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, a...

7.5

CVE-2012-6685

Exploit
  • EPSS 0.32%
  • Published 19.02.2020 15:15:11
  • Last modified 21.11.2024 01:46:40

Nokogiri before 1.5.4 is vulnerable to XXE attacks

9.8

CVE-2014-0234

Exploit
  • EPSS 1.42%
  • Published 12.02.2020 01:15:10
  • Last modified 21.11.2024 02:01:43

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in...

10

CVE-2013-2060

Exploit
  • EPSS 22.01%
  • Published 28.01.2020 16:15:11
  • Last modified 21.11.2024 01:50:57

The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

6.5

CVE-2013-0196

Exploit
  • EPSS 0.11%
  • Published 30.12.2019 22:15:11
  • Last modified 21.11.2024 01:47:02

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when reque...