Vulnerabilities > Redhat > Openshift > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2017-7517 | Improper Input Validation vulnerability in Redhat Openshift 3.0 An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. | 3.5 |
| 2019-12-05 | CVE-2013-0163 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0 OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | 2.1 |
| 2018-08-01 | CVE-2016-8651 | Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform An input validation flaw was found in the way OpenShift 3 handles requests for images. | 3.5 |
| 2018-04-24 | CVE-2018-1059 | Information Exposure vulnerability in multiple products The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. | 2.9 |
| 2018-04-11 | CVE-2017-7534 | Cross-site Scripting vulnerability in Redhat Openshift OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. | 3.5 |
| 2017-09-26 | CVE-2015-0238 | Information Exposure vulnerability in Redhat Openshift 2.0 selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. | 2.1 |
| 2017-08-07 | CVE-2015-7561 | Permissions, Privileges, and Access Controls vulnerability in multiple products Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | 3.5 |
| 2016-06-08 | CVE-2016-3711 | Information Exposure vulnerability in Redhat Openshift and Openshift Origin HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. | 3.3 |
| 2015-10-16 | CVE-2015-1807 | Path Traversal vulnerability in Jenkins Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | 3.5 |
| 2015-10-16 | CVE-2015-1808 | Improper Input Validation vulnerability in Jenkins Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | 3.5 |