Search criteria
30 vulnerabilities found for openshift_origin by redhat
FKIE_CVE-2014-0084
Vulnerability from fkie_nvd - Published: 2019-11-21 15:15 - Updated: 2024-11-21 02:01
Severity ?
Summary
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift_origin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7D3103-2733-4A70-9E31-049706C8BCDF",
"versionEndExcluding": "2014-02-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly."
},
{
"lang": "es",
"value": "La gema openshift-origin-node de Ruby antes del 14-02-2014, no contiene un tiempo de espera en cronjob lo que podr\u00eda resultar en una denegaci\u00f3n de servicio en cron.daily y cron.weekly."
}
],
"id": "CVE-2014-0084",
"lastModified": "2024-11-21T02:01:19.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-21T15:15:11.853",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3592
Vulnerability from fkie_nvd - Published: 2019-11-13 16:15 - Updated: 2024-11-21 02:08
Severity ?
Summary
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2014-3592 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2014-3592 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift_origin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C20860C4-F19A-451D-916B-CEB0106BA51B",
"versionEndIncluding": "2014-08-13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenShift Origin: Improperly validated team names could allow stored XSS attacks"
},
{
"lang": "es",
"value": "OpenShift Origin: los nombres de equipo validados inapropiadamente podr\u00edan permitir ataques de tipo XSS almacenados."
}
],
"id": "CVE-2014-3592",
"lastModified": "2024-11-21T02:08:27.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-13T16:15:10.830",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3592"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3711
Vulnerability from fkie_nvd - Published: 2016-06-08 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | 3.2 | |
| redhat | openshift_origin | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01B75475-8415-46F8-A5B8-323527336611",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie."
},
{
"lang": "es",
"value": "HAproxy en Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permite a usuarios locales obtener la direcci\u00f3n IP interna de un pod leyendo la cookie \"OPENSHIFT_[namespace]_SERVERID\"."
}
],
"id": "CVE-2016-3711",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-08T17:59:06.737",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openshift/origin/pull/8334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openshift/origin/pull/8334"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-2160
Vulnerability from fkie_nvd - Published: 2016-06-08 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift_origin | - | |
| redhat | openshift | 3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01B75475-8415-46F8-A5B8-323527336611",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image."
},
{
"lang": "es",
"value": "Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contrase\u00f1a de root en una imagen builder sti."
}
],
"id": "CVE-2016-2160",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-08T17:59:03.250",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316127"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openshift/origin/pull/7864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openshift/origin/pull/7864"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5250
Vulnerability from fkie_nvd - Published: 2015-09-08 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift_origin | 1.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D94C104-7375-4D23-97F7-E9B861A70E1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data."
},
{
"lang": "es",
"value": "Vulnerabilidad en el servidor API en OpenShift Origin 1.0.5, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del proceso maestro) a trav\u00e9s de datos JSON manipulados."
}
],
"id": "CVE-2015-5250",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-08T15:59:07.797",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/openshift/origin/issues/4374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/openshift/origin/issues/4374"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3496
Vulnerability from fkie_nvd - Published: 2014-06-20 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | 1.2.8 | |
| redhat | openshift | 2.0 | |
| redhat | openshift | 2.0.1 | |
| redhat | openshift | 2.0.2 | |
| redhat | openshift | 2.0.3 | |
| redhat | openshift | 2.0.4 | |
| redhat | openshift | 2.0.5 | |
| redhat | openshift | 2.0.6 | |
| redhat | openshift | 2.1 | |
| redhat | openshift | 2.1.1 | |
| redhat | openshift_origin | 1.2.8 | |
| redhat | openshift_origin | 2.1 | |
| redhat | openshift_origin | 2.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:1.2.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8B150884-E0B1-419B-B085-BFA29FA880FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "7405F776-4F1C-467A-AC66-5AABBE43411B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "437AB2B0-0175-4E48-A1A5-6723C97F3253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "BA5E9EB2-607B-43A7-A75F-CA171529B9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "582D97B4-ADBC-485D-B00F-AD9F3566F711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "AB204392-8CE0-4B3B-9399-F6B83EB9006F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7D84F1EB-5654-4B52-92E3-5DA10F97CA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AC659BB6-CD01-4F4A-BFBC-227A52ECB391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A463CF4B-2010-4AB5-9275-020BF53B5FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A7EA05E8-A168-428B-A884-94FDC8FA9718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22826952-47F5-4C1B-8A8B-35E089B84C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F656F4-7B39-4318-A231-E01C0B6ABE0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file."
},
{
"lang": "es",
"value": "cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en una Url de fuente que termina con una extensi\u00f3n de fichero (1) .tar.gz, (2) .zip, (3) .tgz o (4) .tar en un fichero del manifiesto de cartuchos."
}
],
"id": "CVE-2014-3496",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-20T14:55:07.030",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59298"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin-server/pull/5521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin-server/pull/5521"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0164
Vulnerability from fkie_nvd - Published: 2013-02-24 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | * | |
| redhat | openshift_origin | 1.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:*:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "7D4E1F6B-34CD-4926-88A3-E440846BF387",
"versionEndIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D94C104-7375-4D23-97F7-E9B861A70E1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
},
{
"lang": "es",
"value": "La funci\u00f3n \"lockwrap\" en port-proxy/bin/openshift-port-proxy-cfg en Red Hat OpenShift Origin anterior a v1.1 permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de enlaces simb\u00f3licos en un archivo temporal con un nombre predecible en /tmp."
}
],
"id": "CVE-2013-0164",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T22:55:01.300",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893307"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin-server/pull/1136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin-server/pull/1136"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5658
Vulnerability from fkie_nvd - Published: 2013-02-24 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | * | |
| redhat | openshift_origin | 1.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:*:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "7D4E1F6B-34CD-4926-88A3-E440846BF387",
"versionEndIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D94C104-7375-4D23-97F7-E9B861A70E1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels."
},
{
"lang": "es",
"value": "RHC-chk.rb en Red Hat OpenShift Origin anterior a v1,1, cuando -d (modo de depuraci\u00f3n) se utiliza, muestra la contrase\u00f1a y otra informaci\u00f3n confidencial en texto plano, lo que permite a atacantes dependientes del contexto obtener informaci\u00f3n sensible, como se ha demostrado mediante la inclusi\u00f3n de archivos de registro o reportes de Bugzilla en los canales de ayuda."
}
],
"id": "CVE-2012-5658",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T22:55:01.033",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889062"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5647
Vulnerability from fkie_nvd - Published: 2013-02-24 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | 1.0 | |
| redhat | openshift_origin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "6D63189E-7BFC-438B-A583-1901BBC15CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4086F4-8220-4036-B579-047F501BD5FD",
"versionEndIncluding": "1.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n en node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos redirigir usuarios a sitios Web Arbitrarios y llevar a cabo ataques de phishing mediante una URL en el PATH_INFO."
}
],
"id": "CVE-2012-5647",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-24T21:55:01.003",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/89430"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57189"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888523"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/89430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin-server/pull/1017"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5646
Vulnerability from fkie_nvd - Published: 2013-02-24 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | 1.0 | |
| redhat | openshift_origin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*",
"matchCriteriaId": "6D63189E-7BFC-438B-A583-1901BBC15CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4086F4-8220-4036-B579-047F501BD5FD",
"versionEndIncluding": "1.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO."
},
{
"lang": "es",
"value": "node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos ejecutar comandos arbitrarios mediante un uuid falsificado en el PATH_INFO."
}
],
"id": "CVE-2012-5646",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-24T21:55:00.957",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/89431"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57189"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/89431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin-server/pull/1017"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-0084 (GCVE-0-2014-0084)
Vulnerability from cvelistv5 – Published: 2019-11-21 14:04 – Updated: 2024-08-06 09:05
VLAI?
Summary
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubygem-openshift-origin-node | rubygem-openshift-origin-node |
Affected:
through 2014-02-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rubygem-openshift-origin-node",
"vendor": "rubygem-openshift-origin-node",
"versions": [
{
"status": "affected",
"version": "through 2014-02-14"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:04:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0084",
"datePublished": "2019-11-21T14:04:01",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3592 (GCVE-0-2014-3592)
Vulnerability from cvelistv5 – Published: 2019-11-13 15:33 – Updated: 2024-08-06 10:50
VLAI?
Summary
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
Severity ?
No CVSS data available.
CWE
- XSS in team name
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenShift Origin | OpenShift Origin |
Affected:
through 2014-08-13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenShift Origin",
"vendor": "OpenShift Origin",
"versions": [
{
"status": "affected",
"version": "through 2014-08-13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenShift Origin: Improperly validated team names could allow stored XSS attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS in team name",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T15:33:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3592"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3592",
"datePublished": "2019-11-13T15:33:47",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2160 (GCVE-0-2016-2160)
Vulnerability from cvelistv5 – Published: 2016-06-08 17:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/7864"
},
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-08T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/pull/7864"
},
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316127"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2160",
"datePublished": "2016-06-08T17:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3711 (GCVE-0-2016-3711)
Vulnerability from cvelistv5 – Published: 2016-06-08 17:00 – Updated: 2024-08-06 00:03
VLAI?
Summary
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/8334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-08T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/pull/8334"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3711",
"datePublished": "2016-06-08T17:00:00",
"dateReserved": "2016-03-30T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5250 (GCVE-0-2015-5250)
Vulnerability from cvelistv5 – Published: 2015-09-08 15:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/issues/4374"
},
{
"name": "RHSA-2015:1736",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-08T14:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/issues/4374"
},
{
"name": "RHSA-2015:1736",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5250",
"datePublished": "2015-09-08T15:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3496 (GCVE-0-2014-3496)
Vulnerability from cvelistv5 – Published: 2014-06-20 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/5521"
},
{
"name": "RHSA-2014:0764",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
},
{
"name": "RHSA-2014:0762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
},
{
"name": "RHSA-2014:0763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "59298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/5521"
},
{
"name": "RHSA-2014:0764",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
},
{
"name": "RHSA-2014:0762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
},
{
"name": "RHSA-2014:0763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3496",
"datePublished": "2014-06-20T14:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5658 (GCVE-0-2012-5658)
Vulnerability from cvelistv5 – Published: 2013-02-24 22:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5658",
"datePublished": "2013-02-24T22:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-08-06T21:14:16.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0164 (GCVE-0-2013-0164)
Vulnerability from cvelistv5 – Published: 2013-02-24 22:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/1136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/1136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893307"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0164",
"datePublished": "2013-02-24T22:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5646 (GCVE-0-2012-5646)
Vulnerability from cvelistv5 – Published: 2013-02-24 21:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/89431"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/89431"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57189"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5646",
"datePublished": "2013-02-24T21:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-08-06T21:14:16.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5647 (GCVE-0-2012-5647)
Vulnerability from cvelistv5 – Published: 2013-02-24 21:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/89430"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888523"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/89430"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888523"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57189"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5647",
"datePublished": "2013-02-24T21:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-08-06T21:14:16.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0084 (GCVE-0-2014-0084)
Vulnerability from nvd – Published: 2019-11-21 14:04 – Updated: 2024-08-06 09:05
VLAI?
Summary
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubygem-openshift-origin-node | rubygem-openshift-origin-node |
Affected:
through 2014-02-14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rubygem-openshift-origin-node",
"vendor": "rubygem-openshift-origin-node",
"versions": [
{
"status": "affected",
"version": "through 2014-02-14"
}
]
}
],
"datePublic": "2014-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:04:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0084",
"datePublished": "2019-11-21T14:04:01",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3592 (GCVE-0-2014-3592)
Vulnerability from nvd – Published: 2019-11-13 15:33 – Updated: 2024-08-06 10:50
VLAI?
Summary
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
Severity ?
No CVSS data available.
CWE
- XSS in team name
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenShift Origin | OpenShift Origin |
Affected:
through 2014-08-13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenShift Origin",
"vendor": "OpenShift Origin",
"versions": [
{
"status": "affected",
"version": "through 2014-08-13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenShift Origin: Improperly validated team names could allow stored XSS attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS in team name",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T15:33:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3592"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3592",
"datePublished": "2019-11-13T15:33:47",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2160 (GCVE-0-2016-2160)
Vulnerability from nvd – Published: 2016-06-08 17:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/7864"
},
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-08T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/pull/7864"
},
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316127"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2160",
"datePublished": "2016-06-08T17:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3711 (GCVE-0-2016-3711)
Vulnerability from nvd – Published: 2016-06-08 17:00 – Updated: 2024-08-06 00:03
VLAI?
Summary
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/8334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-08T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:1064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/pull/8334"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3711",
"datePublished": "2016-06-08T17:00:00",
"dateReserved": "2016-03-30T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5250 (GCVE-0-2015-5250)
Vulnerability from nvd – Published: 2015-09-08 15:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/issues/4374"
},
{
"name": "RHSA-2015:1736",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-08T14:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/issues/4374"
},
{
"name": "RHSA-2015:1736",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2015:1736"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259867"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5250",
"datePublished": "2015-09-08T15:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3496 (GCVE-0-2014-3496)
Vulnerability from nvd – Published: 2014-06-20 14:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/5521"
},
{
"name": "RHSA-2014:0764",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
},
{
"name": "RHSA-2014:0762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
},
{
"name": "RHSA-2014:0763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "59298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/5521"
},
{
"name": "RHSA-2014:0764",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
},
{
"name": "RHSA-2014:0762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
},
{
"name": "RHSA-2014:0763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3496",
"datePublished": "2014-06-20T14:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5658 (GCVE-0-2012-5658)
Vulnerability from nvd – Published: 2013-02-24 22:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5658",
"datePublished": "2013-02-24T22:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-08-06T21:14:16.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0164 (GCVE-0-2013-0164)
Vulnerability from nvd – Published: 2013-02-24 22:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/1136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2"
},
{
"name": "RHSA-2013:0220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/1136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=893307"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0164",
"datePublished": "2013-02-24T22:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5646 (GCVE-0-2012-5646)
Vulnerability from nvd – Published: 2013-02-24 21:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/89431"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/89431"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57189"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5646",
"datePublished": "2013-02-24T21:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-08-06T21:14:16.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5647 (GCVE-0-2012-5647)
Vulnerability from nvd – Published: 2013-02-24 21:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/89430"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888523"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/pull/1017"
},
{
"name": "89430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/89430"
},
{
"name": "RHSA-2013:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=888523"
},
{
"name": "57189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57189"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5647",
"datePublished": "2013-02-24T21:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-08-06T21:14:16.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}