CVE-2013-0196
https://notcve.org/view.php?id=CVE-2013-0196
A CSRF issue was found in OpenShift Enterprise 1.2. The web console uses 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
• https://access.redhat.com/security/cve/cve-2013-0196
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-0175
https://notcve.org/view.php?id=CVE-2014-0175
mcollective has a default password set at install.
• https://access.redhat.com/security/cve/cve-2014-0175
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175
• https://security-tracker.debian.org/tracker/CVE-2014-0175
• CWE-798: Use of Hard-coded Credentials
CVE-2014-0163
https://notcve.org/view.php?id=CVE-2014-0163
OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands.
• https://access.redhat.com/security/cve/cve-2014-0163
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-0163
https://notcve.org/view.php?id=CVE-2013-0163
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook, which could facilitate DoS.
• https://access.redhat.com/security/cve/cve-2013-0163
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163
• CWE-668: Exposure of Resource to Wrong Sphere
CVE-2013-2103
https://notcve.org/view.php?id=CVE-2013-2103
OpenShift cartridge allows remote URL retrieval.
• https://access.redhat.com/security/cve/cve-2013-2103
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103
• CWE-20: Improper Input Validation