Openshift Container Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-01	CVE-2019-3876	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift Container Platform A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. network low complexity redhat CWE-352	6.3
2019-04-01	CVE-2019-1002101	Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. local low complexity kubernetes redhat CWE-59	5.5
2019-04-01	CVE-2019-1002100	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. network low complexity kubernetes redhat CWE-770	6.5
2019-03-28	CVE-2019-1003041	Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. network low complexity jenkins redhat CWE-470 critical	9.8
2019-03-28	CVE-2019-1003040	Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. network low complexity jenkins redhat CWE-470 critical	9.8
2019-03-26	CVE-2019-3826	Cross-site Scripting vulnerability in multiple products A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. network low complexity prometheus redhat CWE-79	6.1
2019-03-25	CVE-2019-7609	Code Injection vulnerability in multiple products Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. network low complexity elastic redhat CWE-94 critical	10.0
2019-03-21	CVE-2019-7221	Use After Free vulnerability in multiple products The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. local low complexity linux opensuse fedoraproject debian canonical netapp redhat CWE-416	7.8
2019-03-21	CVE-2018-20615	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. network low complexity haproxy opensuse canonical redhat CWE-125	7.5
2019-03-21	CVE-2018-12023	Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. network high complexity fasterxml debian fedoraproject oracle redhat CWE-502	7.5