Redhat

Openshift

166 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.1%
  • Veröffentlicht 31.07.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 02:59:43

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.

  • EPSS 0.99%
  • Veröffentlicht 16.07.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:14:08

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.

  • EPSS 0.59%
  • Veröffentlicht 13.07.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:11

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

  • EPSS 1.64%
  • Veröffentlicht 05.07.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:13

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, ...

  • EPSS 3.28%
  • Veröffentlicht 11.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:28

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...

  • EPSS 2.07%
  • Veröffentlicht 08.05.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jen...

  • EPSS 2.42%
  • Veröffentlicht 30.04.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:11

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.

  • EPSS 0.88%
  • Veröffentlicht 24.04.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:05

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing v...

  • EPSS 1.31%
  • Veröffentlicht 16.04.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:01:28

openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this ...

  • EPSS 0.56%
  • Veröffentlicht 11.04.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:32:06

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing t...