Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
1060 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-7608 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-11-21 | N/A |
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | ||||
CVE-2019-6648 | 2 F5, Redhat | 2 Container Ingress Service, Openshift | 2024-11-21 | 4.4 Medium |
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | ||||
CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 20 Mesos, Ubuntu Linux, Dc\/os and 17 more | 2024-11-21 | 8.6 High |
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | ||||
CVE-2019-4239 | 2 Ibm, Redhat | 2 Cloud Private, Openshift | 2024-11-21 | 5.5 Medium |
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465. | ||||
CVE-2019-3889 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 5.4 Medium |
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. | ||||
CVE-2019-3884 | 1 Redhat | 1 Openshift | 2024-11-21 | 5.4 Medium |
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | ||||
CVE-2019-3876 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 6.3 Medium |
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | ||||
CVE-2019-3826 | 2 Prometheus, Redhat | 3 Prometheus, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. | ||||
CVE-2019-3818 | 2 Kube-rbac-proxy Project, Redhat | 3 Kube-rbac-proxy, Openshift, Openshift Container Platform | 2024-11-21 | 7.5 High |
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption. | ||||
CVE-2019-20922 | 2 Handlebarsjs, Redhat | 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more | 2024-11-21 | 7.5 High |
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. | ||||
CVE-2019-20920 | 2 Handlebarsjs, Redhat | 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more | 2024-11-21 | 8.1 High |
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS). | ||||
CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 8 Ubuntu Linux, Debian Linux, Runc and 5 more | 2024-11-21 | 7.0 High |
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | ||||
CVE-2019-19355 | 1 Redhat | 1 Openshift | 2024-11-21 | 7 High |
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | ||||
CVE-2019-19354 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2024-11-21 | 7.8 High |
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
CVE-2019-19352 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 7.0 High |
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
CVE-2019-19351 | 1 Redhat | 1 Openshift | 2024-11-21 | 7 High |
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | ||||
CVE-2019-19350 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.8 High |
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
CVE-2019-19349 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.8 High |
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
CVE-2019-19348 | 1 Redhat | 1 Openshift | 2024-11-21 | 7 High |
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | ||||
CVE-2019-19346 | 1 Redhat | 1 Openshift | 2024-11-21 | 7 High |
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |