Redhat Openshift Origin vulnerabilities

8 known vulnerabilities affecting redhat/openshift_origin.

Total CVEs

8

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH1MEDIUM4LOW2

Vulnerabilities

Page 1 of 1

CVE-2014-0084MEDIUMCVSS 5.5fixed in 2014-02-142019-11-21

CVE-2014-0084 [MEDIUM] CWE-20 CVE-2014-0084: Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could resu Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.

CVE-2014-3592MEDIUMCVSS 6.1≤ 2014-08-132019-11-13

CVE-2014-3592 [MEDIUM] CWE-79 CVE-2014-3592: OpenShift Origin: Improperly validated team names could allow stored XSS attacks OpenShift Origin: Improperly validated team names could allow stored XSS attacks

CVE-2015-5250MEDIUMCVSS 4.0v1.0.52015-09-08

CVE-2015-5250 [MEDIUM] CWE-20 CVE-2015-5250: The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (maste The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.

CVE-2014-3496CRITICALCVSS 10.0v1.2.8v2.1+1 more2014-06-20

CVE-2014-3496 [CRITICAL] CWE-94 CVE-2014-3496: cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attacke cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.

CVE-2012-5646HIGHCVSS 7.5≤ 1.0.52013-02-24

CVE-2012-5646 [HIGH] CWE-20 CVE-2012-5646: node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attacke node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

CVE-2012-5647MEDIUMCVSS 5.8≤ 1.0.52013-02-24

CVE-2012-5647 [MEDIUM] CWE-20 CVE-2012-5647: Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1. Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.

CVE-2013-0164LOWCVSS 3.6v1.0.52013-02-24

CVE-2013-0164 [LOW] CWE-264 CVE-2013-0164: The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

CVE-2012-5658LOWCVSS 2.1v1.0.52013-02-24

CVE-2012-5658 [LOW] CWE-310 CVE-2012-5658: rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the passwor rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.