Redhat

Openshift

166 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.36%
  • Veröffentlicht 16.10.2014 19:55:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.

  • EPSS 1.8%
  • Veröffentlicht 16.10.2014 19:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.

  • EPSS 1.74%
  • Veröffentlicht 16.10.2014 19:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

  • EPSS 2.47%
  • Veröffentlicht 15.10.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.

  • EPSS 2.13%
  • Veröffentlicht 15.10.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • EPSS 5.09%
  • Veröffentlicht 20.06.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in...

  • EPSS 0.38%
  • Veröffentlicht 05.05.2014 17:06:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information b...

  • EPSS 1.67%
  • Veröffentlicht 24.04.2014 14:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary ...

  • EPSS 2.79%
  • Veröffentlicht 08.02.2014 00:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF q...

  • EPSS 0.4%
  • Veröffentlicht 03.01.2014 18:54:11
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tm...