Vulnerabilities > Redhat > Openshift

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2019-19355 Unspecified vulnerability in Redhat Openshift 4.0
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk.
local
high complexity
redhat
7.0
2020-03-18 CVE-2019-19351 Unspecified vulnerability in Redhat Openshift 3.11/4.0
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins.
local
high complexity
redhat
7.0
2020-03-18 CVE-2019-19335 Unspecified vulnerability in Redhat Openshift 4.0/4.2
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files.
local
low complexity
redhat
4.4
2020-02-19 CVE-2012-6685 XML Entity Expansion vulnerability in multiple products
Nokogiri before 1.5.4 is vulnerable to XXE attacks
network
low complexity
nokogiri redhat CWE-776
7.5
2020-02-12 CVE-2014-0234 Insecure Default Initialization of Resource vulnerability in Redhat Openshift
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920.
network
low complexity
redhat CWE-1188
critical
9.8
2020-01-28 CVE-2013-2060 OS Command Injection vulnerability in Redhat Openshift 1.0
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
network
low complexity
redhat CWE-78
critical
9.8
2019-12-30 CVE-2013-0196 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift 1.2
A CSRF issue was found in OpenShift Enterprise 1.2.
network
low complexity
redhat CWE-352
6.5
2019-12-20 CVE-2016-1000229 Cross-site Scripting vulnerability in multiple products
swagger-ui has XSS in key names
network
low complexity
smartbear redhat CWE-79
6.1
2019-12-13 CVE-2014-0175 Use of Hard-coded Credentials vulnerability in multiple products
mcollective has a default password set at install
network
low complexity
puppet redhat debian CWE-798
critical
9.8
2019-12-11 CVE-2014-0163 OS Command Injection vulnerability in Redhat Openshift 1.0/2.0
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
network
low complexity
redhat CWE-78
8.8