Vulnerabilities > Redhat > Openshift > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2013-7370 | Cross-site Scripting vulnerability in multiple products node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | 4.3 |
| 2019-12-03 | CVE-2013-2103 | Improper Input Validation vulnerability in Redhat Openshift 1.0 OpenShift cartridge allows remote URL retrieval | 5.5 |
| 2019-11-19 | CVE-2012-6135 | Improper Input Validation vulnerability in multiple products RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | 6.4 |
| 2019-11-15 | CVE-2014-0023 | Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | 4.6 |
| 2019-11-05 | CVE-2013-5123 | Improper Authentication vulnerability in multiple products The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | 4.3 |
| 2019-10-08 | CVE-2019-14845 | Download of Code Without Integrity Check vulnerability in Redhat Openshift A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. | 5.3 |
| 2019-09-04 | CVE-2019-6648 | Information Exposure Through Log Files vulnerability in multiple products On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | 4.4 |
| 2019-08-01 | CVE-2019-3884 | Authentication Bypass by Spoofing vulnerability in Redhat Openshift A vulnerability exists in the garbage collection mechanism of atomic-openshift. | 5.4 |
| 2018-07-16 | CVE-2017-15137 | Improper Input Validation vulnerability in Redhat Openshift and Openshift Container Platform The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. | 5.3 |
| 2018-07-13 | CVE-2018-10875 | Untrusted Search Path vulnerability in multiple products A flaw was found in ansible. | 4.6 |