Vulnerabilities > Redhat > Openshift > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2019-3884 Unspecified vulnerability in Redhat Openshift
A vulnerability exists in the garbage collection mechanism of atomic-openshift.
network
low complexity
redhat
5.4
2018-07-16 CVE-2017-15137 Unspecified vulnerability in Redhat Openshift and Openshift Container Platform
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example.
network
low complexity
redhat
5.3
2018-05-11 CVE-2018-1257 Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware redhat oracle
6.5
2018-05-08 CVE-2017-2611 Incorrect Authorization vulnerability in multiple products
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389).
network
low complexity
jenkins redhat CWE-863
4.3
2018-04-24 CVE-2018-1059 Information Exposure vulnerability in multiple products
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations.
high complexity
canonical redhat dpdk CWE-200
6.1
2018-04-16 CVE-2016-9592 Resource Management Errors vulnerability in Redhat Openshift 3.2.1.23/3.3.1.11/3.4
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error.
network
low complexity
redhat CWE-399
4.3
2018-04-11 CVE-2017-7534 Cross-site Scripting vulnerability in Redhat Openshift
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods.
network
low complexity
redhat CWE-79
5.4
2016-08-05 CVE-2016-5392 Information Exposure vulnerability in Redhat Openshift 3.2
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
network
low complexity
redhat CWE-200
6.5
2016-06-08 CVE-2016-3703 Improper Access Control vulnerability in Redhat Openshift 3.1/3.2
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
network
high complexity
redhat CWE-284
5.3
2016-06-08 CVE-2016-2149 Information Exposure vulnerability in Redhat Openshift 3.2
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
network
low complexity
redhat CWE-200
6.5