Vulnerabilities > Redhat > Openshift Container Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-10176 Unspecified vulnerability in Redhat Openshift Container Platform 3.11/4.1
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session.
network
low complexity
redhat
5.4
2019-07-31 CVE-2019-10357 Missing Authorization vulnerability in multiple products
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.
network
low complexity
jenkins redhat CWE-862
4.3
2019-07-17 CVE-2019-10354 Missing Authorization vulnerability in multiple products
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
network
low complexity
jenkins redhat CWE-862
4.3
2019-07-11 CVE-2019-3889 Unspecified vulnerability in Redhat Openshift Container Platform
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11.
network
low complexity
redhat
5.4
2019-06-12 CVE-2019-10150 Unspecified vulnerability in Redhat Openshift Container Platform
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds.
network
high complexity
redhat
5.9
2019-04-23 CVE-2019-2684 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
high complexity
oracle redhat opensuse debian apache canonical hp
5.9
2019-04-22 CVE-2019-11244 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-).
local
low complexity
kubernetes netapp redhat CWE-732
5.0
2019-04-10 CVE-2019-1003050 Cross-site Scripting vulnerability in multiple products
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
network
low complexity
jenkins oracle redhat CWE-79
5.4
2019-04-01 CVE-2019-3876 Unspecified vulnerability in Redhat Openshift Container Platform
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections.
network
low complexity
redhat
6.3
2019-04-01 CVE-2019-1002101 Link Following vulnerability in multiple products
The kubectl cp command allows copying files between containers and the user machine.
local
low complexity
kubernetes redhat CWE-59
5.5