Redhat ≫ Openshift

Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

OpenShift cartridge allows remote URL retrieval

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.

A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and in...

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by ...