Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift
(Redhat)| Repositories |
• https://github.com/openshift/origin-server
• https://github.com/opencontainers/runc • https://github.com/jenkinsci/jenkins • https://github.com/libarchive/libarchive • https://github.com/php/php-src |
| #Vulnerabilities | 140 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-11-25 | CVE-2015-5318 | Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. | Jenkins, Openshift | N/A | ||
| 2015-11-25 | CVE-2015-5317 | The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. | Jenkins, Openshift | N/A | ||
| 2019-12-11 | CVE-2013-7370 | node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | Debian_linux, Opensuse, Openshift, Connect | N/A | ||
| 2019-12-11 | CVE-2014-0163 | Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | Openshift | N/A | ||
| 2019-12-03 | CVE-2013-2103 | OpenShift cartridge allows remote URL retrieval | Openshift | N/A | ||
| 2019-12-05 | CVE-2013-0163 | OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | Openshift | N/A | ||
| 2019-11-19 | CVE-2012-6135 | RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | Passenger, Openshift | N/A | ||
| 2019-11-15 | CVE-2014-0023 | OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | Openshift | N/A | ||
| 2019-11-05 | CVE-2013-5123 | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv | N/A | ||
| 2018-07-05 | CVE-2018-10885 | In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. | Openshift | 7.5 |