CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-19350
https://notcve.org/view.php?id=CVE-2019-19350
24 Mar 2021 — An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en openshift/ansible-service-broker como es enviado en Red Hat Openshift versiones 4 y 3.11. Un atacante con acceso al contenedor podría usar este fallo ... • https://bugzilla.redhat.com/show_bug.cgi?id=1791534 • CWE-266: Incorrect Privilege Assignment •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10715 – openshift/console: text injection on error page via crafted url
https://notcve.org/view.php?id=CVE-2020-10715
28 Jul 2020 — A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. Se encontró una vulnerabilidad de suplantación de contenido en openshift/console versiones 3.11 y 4.x. Este fallo permite a un atacante crear una URL e inyectar texto arbitrario en la página de error que pare... • https://bugzilla.redhat.com/show_bug.cgi?id=1767665 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1709 – openshift/mediawiki: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1709
13 Mar 2020 — A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en openshift/med... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19345 – openshift/mediawiki-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19345
04 Mar 2020 — A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki-apb 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/p... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19346 – openshift/mariadb-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19346
04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mariadb-apb, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19348 – openshift/apb-base: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19348
04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/apb-base, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4.... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19351 – openshift/jenkins: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19351
25 Feb 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/jenkins. Un atacante con acceso al contenedor podría usar este fallo p... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2014-0234
https://notcve.org/view.php?id=CVE-2014-0234
12 Feb 2020 — The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. La configuración predeterminada de broker.conf en Red Hat OpenShift Enterprise versiones 2.x anteriores a 2.1, presenta una contraseña de "mooo" para una cuenta Mongo, lo ... • http://openwall.com/lists/oss-security/2014/06/05/19 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 10.0EPSS: 21%CPEs: 1EXPL: 1CVE-2013-2060
https://notcve.org/view.php?id=CVE-2013-2060
28 Jan 2020 — The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. La función download_from_url en OpenShift Origin, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en la URL de una petición para descargar un carrito. • http://www.openwall.com/lists/oss-security/2013/05/07/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2013-0196
https://notcve.org/view.php?id=CVE-2013-0196
30 Dec 2019 — A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. Se encontró un problema de tipo CSRF en OpenShift Enterprise versión 1.2. La consola web está utilizando "Basic authentication" y la API REST no posee un mecanismo de protección contra ataques de tipo CSRF. • https://access.redhat.com/security/cve/cve-2013-0196 • CWE-352: Cross-Site Request Forgery (CSRF) •