Red Hat OpenShift vulnerabilities

140 known vulnerabilities affecting redhat/openshift.

Total CVEs: 140
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 53, MEDIUM 67, LOW 11

Vulnerabilities

Page 4 of 7
CVE-2018-1059 MEDIUM CVSS 6.1 v3.0 2018-04-24
CVE-2018-1059 [MEDIUM] CWE-200: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
nvd
CVE-2016-9592 MEDIUM CVSS 4.3 v3.2.1.23 v3.3.1.11 +1 more 2018-04-16
CVE-2016-9592 [MEDIUM] CWE-460: openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider
nvd
CVE-2017-7534 MEDIUM CVSS 5.4 v3.0 v3.1 +7 more 2018-04-11
CVE-2017-7534 [MEDIUM] CWE-79: OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
nvd
CVE-2018-1069 HIGH CVSS 7.1 v3.7 2018-03-09
CVE-2018-1069 [HIGH] CWE-284: Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
nvd
CVE-2013-4364 HIGH CVSS 7.8 v1.0 v2.0 2018-01-08
CVE-2013-4364 [HIGH] CWE-59: (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
nvd
CVE-2015-7501 CRITICAL CVSS 9.8 v3.0 2017-11-09
CVE-2015-7501 [CRITICAL] CWE-502: Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Ha
nvd
CVE-2015-0238 LOW CVSS 3.3 v2.0 2017-09-26
CVE-2015-0238 [LOW] CWE-200: selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
nvd
CVE-2015-7561 LOW CVSS 3.1 v3.0 2017-08-07
CVE-2015-7561 [LOW] CWE-264: Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
nvd
CVE-2017-1000376 HIGH CVSS 7.0 v2.0 2017-06-19
CVE-2017-1000376 [HIGH] CWE-119: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vuln
nvd
CVE-2016-5409 HIGH CVSS 7.5 v2.0 2017-04-20
CVE-2016-5409 [HIGH] CWE-200: Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
nvd
CVE-2016-5418 HIGH CVSS 7.5 v3.1 v3.2 2016-09-21
CVE-2016-5418 [HIGH] CWE-19: The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
nvd
CVE-2016-5766 HIGH CVSS 8.8 v2.0 2016-08-07
CVE-2016-5766 [HIGH] CWE-190: Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimens
nvd
CVE-2016-5392 MEDIUM CVSS 6.5 v3.2 2016-08-05
CVE-2016-5392 [MEDIUM] CWE-200: The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
nvd
CVE-2016-2074 CRITICAL CVSS 9.8 v3.1 2016-07-03
CVE-2016-2074 [CRITICAL] CWE-119: Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
nvd
CVE-2016-3738 HIGH CVSS 8.8 v3.2 2016-06-08
CVE-2016-3738 [HIGH] CWE-264: Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
nvd
CVE-2016-2160 HIGH CVSS 8.8 v3.2 2016-06-08
CVE-2016-2160 [HIGH] CWE-264: Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
nvd
CVE-2016-3708 HIGH CVSS 7.1 v3.2 2016-06-08
CVE-2016-3708 [HIGH] CWE-284: Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
nvd
CVE-2016-2142 MEDIUM CVSS 5.5 v3.1 2016-06-08
CVE-2016-2142 [MEDIUM] CWE-200: Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
nvd
CVE-2016-2149 MEDIUM CVSS 6.5 v3.2 2016-06-08
CVE-2016-2149 [MEDIUM] CWE-200: Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
nvd
CVE-2016-3703 MEDIUM CVSS 5.3 v3.1 v3.2 2016-06-08
CVE-2016-3703 [MEDIUM] CWE-284: Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
nvd