Page 5 of 61 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents. Jenkins en versiones anteriores a la 2.44, 2.32.2 es vulnerable a una exposición de información en la API interna que permite el acceso a los nombres de los elementos que no deberían ser visibles (SECURITY-380). Esto solo afecta a los usuarios anónimos (otros usuarios tienen acceso legítimo) que podrían obtener una lista de los elementos mediante un UnprotectedRootAction. • http://www.securityfocus.com/bid/95956 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 https://jenkins.io/security/advisory/2017-02-01 • CWE-358: Improperly Implemented Security Check for Standard CWE-863: Incorrect Authorization •

CVSS: 9.9EPSS: 0%CPEs: 10EXPL: 0

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Se ha encontrado un error en la función source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validación incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios. • https://access.redhat.com/errata/RHSA-2018:1227 https://access.redhat.com/errata/RHSA-2018:1229 https://access.redhat.com/errata/RHSA-2018:1231 https://access.redhat.com/errata/RHSA-2018:1233 https://access.redhat.com/errata/RHSA-2018:1235 https://access.redhat.com/errata/RHSA-2018:1237 https://access.redhat.com/errata/RHSA-2018:1239 https://access.redhat.com/errata/RHSA-2018:1241 https://access.redhat.com/errata/RHSA-2018:1243 https://access.redhat.com/errata/RHSA • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direcciones virtuales del host. Esto podría conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. • https://access.redhat.com/errata/RHSA-2018:1267 https://access.redhat.com/errata/RHSA-2018:2038 https://access.redhat.com/errata/RHSA-2018:2102 https://access.redhat.com/errata/RHSA-2018:2524 https://access.redhat.com/security/cve/cve-2018-1059 https://bugzilla.redhat.com/show_bug.cgi?id=1544298 https://usn.ubuntu.com/3642-1 https://usn.ubuntu.com/3642-2 https://access.redhat.com/security/cve/CVE-2018-1059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0

OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. Las versiones 3.x de OpenShift Enterprise son vulnerables a Cross-Site Scripting (XSS) persistente mediante el visor de logs para pods. El error se debe a la falta de saneamiento de entradas de usuario, específicamente los caracteres de escape de terminal, y la creación de enlaces sobre los que se puede hacer clic automáticamente al ver los archivos log para un pod. • http://www.securityfocus.com/bid/103754 https://bugzilla.redhat.com/show_bug.cgi?id=1443003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. Kubernetes en OpenShift3 permite que atacantes remotos autenticados empleen las imágenes privadas de otros usuarios si conocen el nombre de dicha imagen. • https://bugzilla.redhat.com/show_bug.cgi?id=1291963 https://github.com/kubernetes/kubernetes/pull/18909 • CWE-264: Permissions, Privileges, and Access Controls •