Redhat Openshift Container Platform vulnerabilities

CVE-2018-1000862 [MEDIUM] CWE-200 CVE-2018-1000862: An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier i An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.

CVE-2018-18311 [CRITICAL] CWE-190 CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression t Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-1002105 [CRITICAL] CWE-388 CVE-2018-1002105: In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error resp In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the back

CVE-2018-19477 [HIGH] CWE-704 CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access r psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

CVE-2018-19475 [HIGH] CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

CVE-2018-19476 [HIGH] CWE-704 CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access rest psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

CVE-2018-18559 [HIGH] CWE-362 CVE-2018-18559: In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_ In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister ac

CVE-2018-14645 [HIGH] CWE-125 CVE-2018-14645: A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An ou A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

CVE-2018-3830 [MEDIUM] CWE-79 CVE-2018-3830: Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field f Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

CVE-2018-10937 [MEDIUM] CWE-79 CVE-2018-10937: A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

CVE-2018-14632 [HIGH] CWE-787 CVE-2018-14632: An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.

CVE-2018-16540 [HIGH] CWE-416 CVE-2018-16540: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

CVE-2016-1000232 [MEDIUM] CWE-20 CVE-2016-1000232: NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP reques NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

CVE-2018-12115 [HIGH] CWE-787 CVE-2018-12115: In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recogni In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation

CVE-2017-15138 [MEDIUM] CWE-200 CVE-2017-15138: The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with s The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.

CVE-2016-8651 [LOW] CWE-20 CVE-2016-8651: An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.

CVE-2017-12195 [MEDIUM] CWE-287 CVE-2017-12195: A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An a A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data

CVE-2018-13988 [MEDIUM] CWE-125 CVE-2018-13988: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

CVE-2017-7481 [CRITICAL] CWE-20 CVE-2017-7481: Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not eval

CVE-2017-15137 [MEDIUM] CWE-20 CVE-2017-15137: The OpenShift image import whitelist failed to enforce restrictions correctly when running commands The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.