Vulnerabilities > Redhat > Openshift Container Platform

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9514 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.
7.5
2019-08-02 CVE-2019-10176 Unspecified vulnerability in Redhat Openshift Container Platform 3.11/4.1
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session.
network
low complexity
redhat
5.4
2019-07-31 CVE-2019-10357 Missing Authorization vulnerability in multiple products
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.
network
low complexity
jenkins redhat CWE-862
4.3
2019-07-31 CVE-2019-10356 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins redhat
8.8
2019-07-31 CVE-2019-10355 Incorrect Type Conversion or Cast vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins redhat CWE-704
8.8
2019-07-30 CVE-2019-10165 Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server.
local
low complexity
redhat CWE-532
2.3
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
9.8
2019-07-19 CVE-2019-1010238 Out-of-bounds Write vulnerability in multiple products
Gnome Pango 1.42 and later is affected by: Buffer Overflow.
network
low complexity
gnome oracle fedoraproject debian canonical redhat CWE-787
critical
9.8
2019-07-17 CVE-2019-10354 Missing Authorization vulnerability in multiple products
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
network
low complexity
jenkins redhat CWE-862
4.3