Vulnerabilities > Redhat > Openshift > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-16 | CVE-2020-10715 | Improper Input Validation vulnerability in Redhat Openshift A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. | 4.3 |
2020-04-13 | CVE-2020-1759 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. | 6.8 |
2020-03-18 | CVE-2019-19335 | Unspecified vulnerability in Redhat Openshift 4.0/4.2 During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. | 4.4 |
2019-12-30 | CVE-2013-0196 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift 1.2 A CSRF issue was found in OpenShift Enterprise 1.2. | 6.5 |
2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 6.1 |
2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 6.1 |
2019-12-05 | CVE-2013-0163 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0/2.0 OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | 5.5 |
2019-11-05 | CVE-2013-5123 | Improper Authentication vulnerability in multiple products The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | 5.9 |
2019-10-08 | CVE-2019-14845 | Unspecified vulnerability in Redhat Openshift A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. high complexity redhat | 5.3 |
2019-09-04 | CVE-2019-6648 | Information Exposure Through Log Files vulnerability in multiple products On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | 4.4 |