CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3602 – OpenShift: /proc/net/tcp information disclosure
https://notcve.org/view.php?id=CVE-2014-3602
03 Nov 2014 — Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. Red Hat OpenShift Enterprise anterior a 2.2 permite a usuarios locales obtener direcciones IP y otra información para sistemas remotos mediante la lectura de /proc/net/tcp. It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This... • http://rhn.redhat.com/errata/RHSA-2014-1796.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3661 – jenkins: denial of service (SECURITY-87)
https://notcve.org/view.php?id=CVE-2014-3661
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or pri... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3662 – jenkins: username discovery (SECURITY-110)
https://notcve.org/view.php?id=CVE-2014-3662
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos enumerar nombres de usuarios a través de vectores relacionados con intentos de inicio de sesión. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security iss... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3663 – jenkins: job configuration issues (SECURITY-127, SECURITY-128)
https://notcve.org/view.php?id=CVE-2014-3663
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/CONFIGURE eludir las restricciones destinadas y crear o destruir trabajos arbitrarios a través de vectores no especificados. OpenShift Enterprise by Red Hat is the com... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-3666 – jenkins: remote code execution flaw (SECURITY-150)
https://notcve.org/view.php?id=CVE-2014-3666
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado para el canal de CLI. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issues are ad... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3667 – jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)
https://notcve.org/view.php?id=CVE-2014-3667
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 no previene adecuadamente la descarga de plugins, lo que permite a usuarios remotos autenticados con el permiso Overall/READ obtener información sensible leyendo el código del plugin. OpenShift Enterprise ... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3680 – jenkins: password exposure in DOM (SECURITY-138)
https://notcve.org/view.php?id=CVE-2014-3680
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/READ obtener el valor por defecto para el campo password de un trabajo parametrizado leyendo el DOM. OpenShift Enterprise by Red Hat is the company's cloud computing Platfo... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3664 – jenkins: directory traversal flaw (SECURITY-131)
https://notcve.org/view.php?id=CVE-2014-3664
15 Oct 2014 — Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados OpenShift Enterprise by Red Hat is the company's cloud computi... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3681 – jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
https://notcve.org/view.php?id=CVE-2014-3681
15 Oct 2014 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for ... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 5%CPEs: 13EXPL: 0CVE-2014-3496 – Origin: Command execution as root via downloadable cartridge source-url
https://notcve.org/view.php?id=CVE-2014-3496
18 Jun 2014 — cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una Url de fuente que termina con una extensión de fichero (... • http://rhn.redhat.com/errata/RHSA-2014-0762.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •