Vulnerabilities > Redhat > Openshift > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-05 | CVE-2018-10885 | Improper Input Validation vulnerability in Redhat Openshift In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | 5.0 |
| 2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 4.0 |
| 2018-05-08 | CVE-2017-2611 | Incorrect Authorization vulnerability in multiple products Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). | 4.0 |
| 2018-04-16 | CVE-2016-9592 | Resource Management Errors vulnerability in Redhat Openshift 3.2.1.23/3.3.1.11/3.4 openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. | 4.3 |
| 2018-03-09 | CVE-2018-1069 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 3.7 Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. | 5.4 |
| 2017-04-20 | CVE-2016-5409 | Information Exposure vulnerability in Redhat Openshift 2.0 Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | 5.0 |
| 2016-09-21 | CVE-2016-5418 | Improper Input Validation vulnerability in multiple products The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | 5.0 |
| 2016-08-07 | CVE-2016-5766 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | 6.8 |
| 2016-08-05 | CVE-2016-5392 | Information Exposure vulnerability in Redhat Openshift 3.2 The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list. | 6.5 |
| 2016-06-08 | CVE-2016-3703 | Improper Access Control vulnerability in Redhat Openshift 3.1/3.2 Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. | 5.3 |