Page 2 of 41 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-10885

https://notcve.org/view.php?id=CVE-2018-10885

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. En atomic-openshift en versiones anteriores a la 3.10.9 una configuración network-policy maliciosa puede provocar que Openshift Routing se cierre inesperadamente al emplear el plugin ovs-networkpolicy. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en un cluster de Openshift 3.9 o 3.7. • http://www.securityfocus.com/bid/104688 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885 • CWE-20: Improper Input Validation •

CVSS: 9.9EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-1102 – source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

https://notcve.org/view.php?id=CVE-2018-1102

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Se ha encontrado un error en la función source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validación incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios. • https://access.redhat.com/errata/RHSA-2018:1227 https://access.redhat.com/errata/RHSA-2018:1229 https://access.redhat.com/errata/RHSA-2018:1231 https://access.redhat.com/errata/RHSA-2018:1233 https://access.redhat.com/errata/RHSA-2018:1235 https://access.redhat.com/errata/RHSA-2018:1237 https://access.redhat.com/errata/RHSA-2018:1239 https://access.redhat.com/errata/RHSA-2018:1241 https://access.redhat.com/errata/RHSA-2018:1243 https://access.redhat.com/errata/RHSA • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0

CVE-2017-7534

https://notcve.org/view.php?id=CVE-2017-7534

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Las versiones 3.x de OpenShift Enterprise son vulnerables a Cross-Site Scripting (XSS) persistente mediante el visor de logs para pods. El error se debe a la falta de saneamiento de entradas de usuario, específicamente los caracteres de escape de terminal, y la creación de enlaces sobre los que se puede hacer clic automáticamente al ver los archivos log para un pod. • http://www.securityfocus.com/bid/103754 https://bugzilla.redhat.com/show_bug.cgi?id=1443003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-8631 – 3: Router sometimes selects new routes over old routes when determining claimed hostnames

https://notcve.org/view.php?id=CVE-2016-8631

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site. El router OpenShift Enterprise 3 no clasifica correctamente las rutas al procesar rutas añadidas recientemente. Un atacante con acceso para crear rutas puede sobrescribir las rutas existentes y redirigir el tráfico de red de otros usuarios a su propio sitio. • http://www.securityfocus.com/bid/94110 https://access.redhat.com/errata/RHSA-2016:2696 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631 https://access.redhat.com/security/cve/CVE-2016-8631 https://bugzilla.redhat.com/show_bug.cgi?id=1390735 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-7538 – jenkins: CSRF protection ineffective (SECURITY-233)

https://notcve.org/view.php?id=CVE-2015-7538

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 https://access.redhat.com/security/cve/CVE-2015-7538 https://bugzilla.redhat.com/show_bug.cgi?id=1291797 • CWE-352: Cross-Site Request Forgery (CSRF) •