CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-3738 – origin: pod update allows docker socket access via build-pod
https://notcve.org/view.php?id=CVE-2016-3738
20 May 2016 — Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. Red Hat OpenShift Enterprise 3.2 no restringe correctamente el acceso a builds STI, lo que permite a usuarios remotos autenticados acceder al socket Docker y obtener privilegios a través de vectores relacionado con build-pod. A vulnerability was found in the STI build process in OpenShift Enterprise. Access... • https://access.redhat.com/errata/RHSA-2016:1094 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3722 – jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)
https://notcve.org/view.php?id=CVE-2016-3722
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a usuarios remotos autenticados con múltiples cuentas provocar una denegación de servicio (sin posibilidad de acceso) editando el "full name". OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3723 – jenkins: Information on installed plugins exposed via API (SECURITY-250)
https://notcve.org/view.php?id=CVE-2016-3723
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso a lectura obtener información sensible de instalación de plugin aprovechando la falta de comprobaciones de permisos en dispositivos XML/JSON API no especificad... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3724 – jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)
https://notcve.org/view.php?id=CVE-2016-3724
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso avanzado a lectura obtener información sensible de contraseña leyendo la configuración de trabajo. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for ... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3725 – jenkins: Regular users can trigger download of update site metadata (SECURITY-273)
https://notcve.org/view.php?id=CVE-2016-3725
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados desencadenar actualizaciones de metadatos provenientes de portales de actualización aprovechando la falta de comprobación ... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 1CVE-2016-3726 – jenkins: Open redirect to scheme-relative URLs (SECURITY-276)
https://notcve.org/view.php?id=CVE-2016-3726
17 May 2016 — Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. Múltiples vulnerabilidades de redirección abierta en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados rel... • https://packetstorm.news/files/id/143229 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3727 – jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
https://notcve.org/view.php?id=CVE-2016-3727
17 May 2016 — The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. La URL API computer/(master)/api/xml en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con permiso avanzado de lectura para el nodo maestro obtener información sensible sobre la configur... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3721 – jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
https://notcve.org/view.php?id=CVE-2016-3721
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution desi... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-17: DEPRECATED: Code •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2149 – 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created
https://notcve.org/view.php?id=CVE-2016-2149
13 May 2016 — Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. Red Hat OpenShift Enterprise 3.2 permite a usuarios remotos autenticados leer archivos de registro de otro espacio de nombre utilizando el mismo nombre que un espacio de nombre que haya sido eliminado cuando se crea un nuevo espacio de nombre. It was found that OpenShift Enterprise would disclose log file contents ... • https://access.redhat.com/errata/RHSA-2016:1064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2160 – Privilege escalation when changing root password in sti builder image
https://notcve.org/view.php?id=CVE-2016-2160
13 May 2016 — Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contraseña de root en una imagen builder sti. A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that execute... • https://access.redhat.com/errata/RHSA-2016:1064 • CWE-264: Permissions, Privileges, and Access Controls •