Vulnerabilities > Redhat > Openshift > 2.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2021-3636 | Improper Authentication vulnerability in Redhat Openshift It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. | 4.6 |
| 2021-06-02 | CVE-2020-35514 | Incorrect Privilege Assignment vulnerability in Redhat Openshift An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. | 4.4 |
| 2021-05-27 | CVE-2020-1761 | Unspecified vulnerability in Redhat Openshift A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. network redhat | 4.3 |
| 2020-04-02 | CVE-2019-19348 | Improper Privilege Management vulnerability in Redhat Openshift An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. | 7.0 |
| 2020-04-02 | CVE-2019-19346 | Improper Privilege Management vulnerability in Redhat Openshift An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . | 7.0 |
| 2020-02-12 | CVE-2014-0234 | Insecure Default Initialization of Resource vulnerability in Redhat Openshift The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. | 9.8 |
| 2018-07-05 | CVE-2018-10885 | Improper Input Validation vulnerability in Redhat Openshift In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | 5.0 |
| 2016-02-03 | CVE-2015-7538 | Security Bypass vulnerability in Jenkins Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. | 6.8 |
| 2016-02-03 | CVE-2015-7537 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | 6.8 |
| 2015-11-25 | CVE-2015-5326 | Cross-site Scripting vulnerability in Jenkins Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | 4.3 |