CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0068
https://notcve.org/view.php?id=CVE-2014-0068
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial • https://bugzilla.redhat.com/show_bug.cgi?id=1064100 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0084
https://notcve.org/view.php?id=CVE-2014-0084
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. La gema openshift-origin-node de Ruby antes del 14-02-2014, no contiene un tiempo de espera en cronjob lo que podría resultar en una denegación de servicio en cron.daily y cron.weekly. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-3592
https://notcve.org/view.php?id=CVE-2014-3592
OpenShift Origin: Improperly validated team names could allow stored XSS attacks OpenShift Origin: los nombres de equipo validados inapropiadamente podrían permitir ataques de tipo XSS almacenados. • https://access.redhat.com/security/cve/cve-2014-3592 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2160 – Privilege escalation when changing root password in sti builder image
https://notcve.org/view.php?id=CVE-2016-2160
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contraseña de root en una imagen builder sti. A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges. • https://access.redhat.com/errata/RHSA-2016:1064 https://bugzilla.redhat.com/show_bug.cgi?id=1316127 https://github.com/openshift/origin/pull/7864 https://access.redhat.com/security/cve/CVE-2016-2160 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3711 – haproxy: Setting cookie containing internal IP address of a pod
https://notcve.org/view.php?id=CVE-2016-3711
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. HAproxy en Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permite a usuarios locales obtener la dirección IP interna de un pod leyendo la cookie "OPENSHIFT_[namespace]_SERVERID". An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFT_[namespace]_SERVERID" was set, which contained the internal IP address of a pod. • https://access.redhat.com/errata/RHSA-2016:1064 https://github.com/openshift/origin/pull/8334 https://access.redhat.com/security/cve/CVE-2016-3711 https://bugzilla.redhat.com/show_bug.cgi?id=1322718 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •