Redhat Openshift vulnerabilities

CVE-2012-6685 [HIGH] CWE-776 CVE-2012-6685: Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2014-0234 [CRITICAL] CVE-2014-0234: The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a passwo The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

CVE-2013-2060 [CRITICAL] CWE-78 CVE-2013-2060: The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary comm The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

CVE-2013-0196 [MEDIUM] CWE-352 CVE-2013-0196: A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

CVE-2014-0163 [HIGH] CWE-78 CVE-2014-0163: Openshift has shell command injection flaws due to unsanitized data being passed into shell commands Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.

CVE-2013-7370 [MEDIUM] CWE-79 CVE-2013-7370: node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

CVE-2013-0163 [MEDIUM] CWE-668 CVE-2013-0163: OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate Do OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

CVE-2012-6135 [HIGH] CWE-20 CVE-2012-6135: RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

CVE-2013-5123 [MEDIUM] CWE-287 CVE-2013-5123: The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and au The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

CVE-2019-14845 [MEDIUM] CWE-494 CVE-2019-14845: A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source fr A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.

CVE-2019-3884 [MEDIUM] CWE-290 CVE-2019-3884: A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spo A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

CVE-2019-5736 [HIGH] CWE-78 CVE-2019-5736: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overw runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to whi

CVE-2018-14645 [HIGH] CWE-125 CVE-2018-14645: A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An ou A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

CVE-2016-7075 [HIGH] CWE-295 CVE-2016-7075: It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 clie It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

CVE-2016-8651 [LOW] CWE-20 CVE-2016-8651: An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.

CVE-2016-8631 [HIGH] CWE-20 CVE-2016-8631: The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.

CVE-2018-10875 [HIGH] CWE-426 CVE-2018-10875: A flaw was found in ansible. ansible.cfg is read from the current working directory which can be alt A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

CVE-2018-10885 [HIGH] CWE-20 CVE-2018-10885: In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshi In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.

CVE-2017-2611 [MEDIUM] CWE-358 CVE-2017-2611: Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additi

CVE-2018-1102 [HIGH] CWE-20 CVE-2018-1102: A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper p A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.