Redhat: >> Openshift >> 2.0 Security Vulnerabilities
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVSS Score
6.1
EPSS Score
0.011
Published
2019-12-11
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-05
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVSS Score
5.9
EPSS Score
0.129
Published
2019-11-05
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-05
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-05-08
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-08
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-09-26
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
CVSS Score
7.0
EPSS Score
0.007
Published
2017-06-19
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-04-20
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
CVSS Score
8.8
EPSS Score
0.046
Published
2016-08-07