CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10885
https://notcve.org/view.php?id=CVE-2018-10885
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. En atomic-openshift en versiones anteriores a la 3.10.9 una configuración network-policy maliciosa puede provocar que Openshift Routing se cierre inesperadamente al emplear el plugin ovs-networkpolicy. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en un cluster de Openshift 3.9 o 3.7. • http://www.securityfocus.com/bid/104688 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4364
https://notcve.org/view.php?id=CVE-2013-4364
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. (1) oo-analytics-export y (2) oo-analytics-import en el paquete openshift-origin-broker-util en Red Hat OpenShift Enterprise 1 y 2 permiten que los usuarios locales provoquen un impacto sin especificar mediante un ataque symlink en un archivo no especificado en /tmp. • https://bugzilla.redhat.com/show_bug.cgi?id=1009734 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7538 – jenkins: CSRF protection ineffective (SECURITY-233)
https://notcve.org/view.php?id=CVE-2015-7538
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 https://access.redhat.com/security/cve/CVE-2015-7538 https://bugzilla.redhat.com/show_bug.cgi?id=1291797 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7537 – jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)
https://notcve.org/view.php?id=CVE-2015-7537
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. Vulnerabilidad de CSRF en Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que tienen un impacto no especificado a través de vectores relacionados con el método HTTP GET. • http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 https://access.redhat.com/security/cve/CVE-2015-7537 https://bugzilla.redhat.com/show_bug.cgi?id=1291795 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 4%CPEs: 4EXPL: 0CVE-2015-5317 – Jenkins User Interface (UI) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-5317
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. Las páginas Fingerprints en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 podrían permitir a atacantes remotos obtener trabajo sensible y construir la información de nombre a través de una petición directa. Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. • http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 https://access.redhat.com/security/cve/CVE-2015-5317 https://bugzilla.redhat.com/show_bug.cgi?id=1282359 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •