Vulnerabilities > Redhat > Openshift > 3.2

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-5392 Information Exposure vulnerability in Redhat Openshift 3.2
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
network
low complexity
redhat CWE-200
6.5
2016-06-08 CVE-2016-3738 Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift 3.2
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
network
low complexity
redhat CWE-264
8.8
2016-06-08 CVE-2016-3711 Information Exposure vulnerability in Redhat Openshift and Openshift Origin
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
local
low complexity
redhat CWE-200
3.3
2016-06-08 CVE-2016-3708 Improper Access Control vulnerability in Redhat Openshift 3.2
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
network
low complexity
redhat CWE-284
7.1
2016-06-08 CVE-2016-3703 Improper Access Control vulnerability in Redhat Openshift 3.1/3.2
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
network
high complexity
redhat CWE-284
5.3
2016-06-08 CVE-2016-2160 Permissions, Privileges, and Access Controls vulnerability in Redhat Openshift and Openshift Origin
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
network
low complexity
redhat CWE-264
8.8
2016-06-08 CVE-2016-2149 Information Exposure vulnerability in Redhat Openshift 3.2
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
network
low complexity
redhat CWE-200
6.5
2016-05-17 CVE-2016-3727 Information Exposure vulnerability in multiple products
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
network
low complexity
jenkins redhat CWE-200
4.3
2016-05-17 CVE-2016-3726 Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
network
low complexity
jenkins redhat
7.4
2016-05-17 CVE-2016-3725 Permissions, Privileges, and Access Controls vulnerability in multiple products
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check.
network
low complexity
jenkins redhat CWE-264
4.3