Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Openshift
Total 171 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1707 1 Redhat 1 Openshift 2024-02-28 4.4 MEDIUM 7.0 HIGH
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
CVE-2019-19355 1 Redhat 1 Openshift 2024-02-28 4.4 MEDIUM 7.0 HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.
CVE-2019-19351 1 Redhat 1 Openshift 2024-02-28 4.4 MEDIUM 7.0 HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.
CVE-2019-19348 1 Redhat 1 Openshift 2024-02-28 4.4 MEDIUM 7.0 HIGH
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
CVE-2020-1709 1 Redhat 1 Openshift 2024-02-28 4.6 MEDIUM 7.8 HIGH
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
CVE-2012-6135 2 Phusion, Redhat 2 Passenger, Openshift 2024-02-28 6.4 MEDIUM 7.5 HIGH
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2019-14845 1 Redhat 1 Openshift 2024-02-28 2.9 LOW 5.3 MEDIUM
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
CVE-2014-0175 3 Debian, Puppet, Redhat 3 Debian Linux, Marionette Collective, Openshift 2024-02-28 7.5 HIGH 9.8 CRITICAL
mcollective has a default password set at install
CVE-2014-0023 1 Redhat 1 Openshift 2024-02-28 4.6 MEDIUM 7.8 HIGH
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
CVE-2013-5123 5 Debian, Fedoraproject, Pypa and 2 more 6 Debian Linux, Fedora, Pip and 3 more 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVE-2013-2103 1 Redhat 1 Openshift 2024-02-28 5.5 MEDIUM 8.1 HIGH
OpenShift cartridge allows remote URL retrieval
CVE-2012-6685 2 Nokogiri, Redhat 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2013-0165 1 Redhat 1 Openshift 2024-02-28 7.5 HIGH 7.3 HIGH
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
CVE-2016-1000229 2 Redhat, Smartbear 3 Jboss Fuse, Openshift, Swagger-ui 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
swagger-ui has XSS in key names
CVE-2013-2060 1 Redhat 1 Openshift 2024-02-28 10.0 HIGH 9.8 CRITICAL
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
CVE-2013-0196 1 Redhat 2 Enterprise Linux, Openshift 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
CVE-2014-0163 1 Redhat 1 Openshift 2024-02-28 9.0 HIGH 8.8 HIGH
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
CVE-2013-7370 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Opensuse, Openshift and 1 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVE-2013-0163 1 Redhat 1 Openshift 2024-02-28 2.1 LOW 5.5 MEDIUM
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
CVE-2014-0234 1 Redhat 1 Openshift 2024-02-28 7.5 HIGH 9.8 CRITICAL
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.