Red Hat OpenShift Origin Security Vulnerabilities
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout, which could result in a denial of service in cron.daily and cron.weekly.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2019-11-21
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2019-11-13
HAProxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
CVSS Score: 3.3; EPSS Score: 0.001; Published: 2016-06-08
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVSS Score: 8.8; EPSS Score: 0.006; Published: 2016-06-08
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
CVSS Score: 4.0; EPSS Score: 0.005; Published: 2015-09-08
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
CVSS Score: 10.0; EPSS Score: 0.057; Published: 2014-06-20
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
CVSS Score: 2.1; EPSS Score: 0.001; Published: 2013-02-24
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVSS Score: 3.6; EPSS Score: 0.001; Published: 2013-02-24
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
CVSS Score: 5.8; EPSS Score: 0.005; Published: 2013-02-24
node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
CVSS Score: 7.5; EPSS Score: 0.009; Published: 2013-02-24

