Vulnerabilities > Redhat > Openshift
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-18 | CVE-2019-19351 | Incorrect Privilege Assignment vulnerability in Redhat Openshift 3.11/4.0 An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. | 7.0 |
| 2020-03-18 | CVE-2019-19335 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 4.0/4.2 During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. | 4.4 |
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 5.0 |
| 2020-02-12 | CVE-2014-0234 | Insecure Default Initialization of Resource vulnerability in Redhat Openshift The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. | 9.8 |
| 2020-01-28 | CVE-2013-2060 | OS Command Injection vulnerability in Redhat Openshift 1.0 The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | 10.0 |
| 2019-12-30 | CVE-2013-0196 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift 1.2 A CSRF issue was found in OpenShift Enterprise 1.2. | 6.5 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 4.3 |
| 2019-12-13 | CVE-2014-0175 | Use of Hard-coded Credentials vulnerability in multiple products mcollective has a default password set at install | 9.8 |
| 2019-12-11 | CVE-2014-0163 | OS Command Injection vulnerability in Redhat Openshift 1.0/2.0 Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | 9.0 |
| 2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 4.3 |