Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Openshift Origin
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3711 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 2.1 LOW 3.3 LOW
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
CVE-2016-2160 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 9.0 HIGH 8.8 HIGH
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVE-2015-5250 1 Redhat 1 Openshift Origin 2024-11-21 4.0 MEDIUM N/A
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
CVE-2014-3592 1 Redhat 1 Openshift Origin 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
CVE-2014-3496 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 10.0 HIGH N/A
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
CVE-2014-0084 1 Redhat 1 Openshift Origin 2024-11-21 2.1 LOW 5.5 MEDIUM
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
CVE-2013-0164 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 3.6 LOW N/A
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2012-5658 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 2.1 LOW N/A
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
CVE-2012-5647 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 5.8 MEDIUM N/A
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
CVE-2012-5646 1 Redhat 2 Openshift, Openshift Origin 2024-11-21 7.5 HIGH N/A
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.