Redhat: >> Openshift Origin >> 1.0.5 Security Vulnerabilities
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-21
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-13
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
CVSS Score
4.0
EPSS Score
0.005
Published
2015-09-08
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
CVSS Score
2.1
EPSS Score
0.001
Published
2013-02-24
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVSS Score
3.6
EPSS Score
0.001
Published
2013-02-24
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
CVSS Score
5.8
EPSS Score
0.005
Published
2013-02-24
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
CVSS Score
7.5
EPSS Score
0.009
Published
2013-02-24