Redhat Openshift Container Platform vulnerabilities

CVE-2018-1000861 [CRITICAL] CWE-502 CVE-2018-1000861: A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

CVE-2018-1000866 [HIGH] CWE-269 CVE-2018-1000866: A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/ A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privile

CVE-2018-1000865 [HIGH] CWE-269 CVE-2018-1000865: A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/s A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

CVE-2018-1000863 [HIGH] CWE-22 CVE-2018-1000863: A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in Us A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.

CVE-2018-1000864 [MEDIUM] CWE-835 CVE-2018-1000864: A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in Cr A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

CVE-2018-1000862 [MEDIUM] CWE-200 CVE-2018-1000862: An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier i An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.

CVE-2018-18311 [CRITICAL] CWE-190 CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression t Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-1002105 [CRITICAL] CWE-388 CVE-2018-1002105: In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error resp In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the back

CVE-2018-19477 [HIGH] CWE-704 CVE-2018-19477: psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access r psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

CVE-2018-19475 [HIGH] CVE-2018-19475: psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

CVE-2018-19476 [HIGH] CWE-704 CVE-2018-19476: psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access rest psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

CVE-2018-18559 [HIGH] CWE-362 CVE-2018-18559: In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_ In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister ac

CVE-2018-14645 [HIGH] CWE-125 CVE-2018-14645: A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An ou A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

CVE-2018-3830 [MEDIUM] CWE-79 CVE-2018-3830: Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field f Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

CVE-2018-10937 [MEDIUM] CWE-79 CVE-2018-10937: A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.

CVE-2018-14632 [HIGH] CWE-787 CVE-2018-14632: An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.

CVE-2018-16540 [HIGH] CWE-416 CVE-2018-16540: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

CVE-2016-1000232 [MEDIUM] CWE-20 CVE-2016-1000232: NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP reques NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

CVE-2018-12115 [HIGH] CWE-787 CVE-2018-12115: In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recogni In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation

CVE-2017-15138 [MEDIUM] CWE-200 CVE-2017-15138: The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with s The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.