Vulnerabilities > Redhat > Openshift Container Platform > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-14 | CVE-2018-12207 | Improper Input Validation vulnerability in multiple products. Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
2019-11-05 | CVE-2019-10223 | Information Exposure vulnerability in multiple products. A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. | 4.0 |
2019-09-04 | CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance) calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. | 4.4 |
2019-08-28 | CVE-2019-10383 | Cross-site Scripting vulnerability in multiple products. A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. | 4.8 |
2019-08-02 | CVE-2019-10176 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift Container Platform 3.11/4.1. A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. | 5.4 |
2019-07-31 | CVE-2019-10357 | Missing Authorization vulnerability in multiple products. A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries. | 4.3 |
2019-07-17 | CVE-2019-10354 | Missing Authorization vulnerability in multiple products. A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. | 4.3 |
2019-07-11 | CVE-2019-3889 | Cross-site Scripting vulnerability in Redhat Openshift Container Platform. A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. | 5.4 |
2019-06-12 | CVE-2019-10150 | Improper Authentication vulnerability in Redhat Openshift Container Platform. It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH Host Key checking when using ssh key authentication during builds. | 5.9 |
2019-04-23 | CVE-2019-2698 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). | 6.8 |