Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-11	CVE-2019-3889	Cross-site Scripting vulnerability in Redhat Openshift Container Platform A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. network low complexity redhat CWE-79	5.4
2019-07-09	CVE-2018-11307	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. network low complexity fasterxml redhat oracle CWE-502 critical	9.8
2019-06-12	CVE-2019-10150	Improper Authentication vulnerability in Redhat Openshift Container Platform It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. network high complexity redhat CWE-287	5.9
2019-04-23	CVE-2019-2698	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). network oracle redhat debian opensuse canonical hp	6.8
2019-04-23	CVE-2019-2684	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network high complexity oracle redhat opensuse debian apache canonical hp	5.9
2019-04-23	CVE-2019-2602	Resource Exhaustion vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle redhat opensuse canonical debian mcafee hp CWE-400	7.5
2019-04-22	CVE-2019-3899	DEPRECATED: Authentication Bypass Issues vulnerability in multiple products It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. network low complexity redhat heketi-project CWE-592 critical	9.8
2019-04-10	CVE-2019-1003050	Cross-site Scripting vulnerability in multiple products The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. network low complexity jenkins oracle redhat CWE-79	5.4
2019-04-10	CVE-2019-1003049	Insufficient Session Expiration vulnerability in multiple products Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. network high complexity jenkins redhat oracle CWE-613	8.1
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8