Vulnerabilities > Redhat > Openshift Container Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-10 | CVE-2019-1003050 | Cross-site Scripting vulnerability in multiple products The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | 5.4 |
| 2019-04-10 | CVE-2019-1003049 | Insufficient Session Expiration vulnerability in multiple products Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | 8.1 |
| 2019-04-01 | CVE-2019-3876 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift Container Platform A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. | 6.3 |
| 2019-04-01 | CVE-2019-1002101 | Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. | 5.5 |
| 2019-04-01 | CVE-2019-1002100 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. | 6.5 |
| 2019-03-28 | CVE-2019-1003041 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
| 2019-03-28 | CVE-2019-1003040 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
| 2019-03-26 | CVE-2019-3826 | Cross-site Scripting vulnerability in multiple products A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. | 6.1 |
| 2019-03-25 | CVE-2019-7609 | Code Injection vulnerability in multiple products Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. | 10.0 |
| 2019-03-21 | CVE-2019-7221 | Use After Free vulnerability in multiple products The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | 7.8 |