Vulnerabilities > Redhat > Openshift > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-10715 Improper Input Validation vulnerability in Redhat Openshift
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x.
network
low complexity
redhat CWE-20
4.3
2020-04-13 CVE-2020-1759 A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session.
network
high complexity
redhat linuxfoundation fedoraproject
6.8
2020-03-18 CVE-2019-19335 Unspecified vulnerability in Redhat Openshift 4.0/4.2
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files.
local
low complexity
redhat
4.4
2019-12-30 CVE-2013-0196 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift 1.2
A CSRF issue was found in OpenShift Enterprise 1.2.
network
low complexity
redhat CWE-352
6.5
2019-12-20 CVE-2016-1000229 Cross-site Scripting vulnerability in multiple products
swagger-ui has XSS in key names
network
low complexity
smartbear redhat CWE-79
6.1
2019-12-11 CVE-2013-7370 Cross-site Scripting vulnerability in multiple products
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
network
low complexity
redhat sencha opensuse debian CWE-79
6.1
2019-12-05 CVE-2013-0163 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
local
low complexity
redhat CWE-668
5.5
2019-11-05 CVE-2013-5123 Improper Authentication vulnerability in multiple products
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
network
high complexity
pypa virtualenv fedoraproject redhat debian CWE-287
5.9
2019-10-08 CVE-2019-14845 Unspecified vulnerability in Redhat Openshift
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3.
high complexity
redhat
5.3
2019-09-04 CVE-2019-6648 Information Exposure Through Log Files vulnerability in multiple products
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
local
low complexity
f5 redhat CWE-532
4.4