CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4281
https://notcve.org/view.php?id=CVE-2013-4281
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. En Red Hat Openshift versión 1, son aplicados permisos débiles por defecto al archivo /etc/openshift/server_priv.pem en el servidor del broker, lo que podría permitir a usuarios con acceso local al broker leer este archivo • https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice https://www.openwall.com/lists/oss-security/2014/06/05/19 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2805 – ovirt-engine: RHVM admin password is logged unfiltered when using otopi-style
https://notcve.org/view.php?id=CVE-2022-2805
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. Se ha encontrado un fallo en ovirt-engine, que conlleva a un registro de contraseñas en texto plano en el archivo de registro cuando es usado otapi-style. Este fallo permite a un atacante con privilegios suficientes leer el archivo de registro, conllevando a una pérdida de confidencialidad • https://access.redhat.com/security/cve/CVE-2022-2805 https://bugzilla.redhat.com/show_bug.cgi?id=2079545 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1414
https://notcve.org/view.php?id=CVE-2022-1414
3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. 3scale API Management versión 2 no lleva a cabo un saneo apropiado de las entradas del usuario en múltiples campos. Un usuario autenticado podría usar este fallo para inyectar scripts y posiblemente conseguir acceso a información confidencial o conducir otros ataques • https://access.redhat.com/security/cve/CVE-2022-1414 https://bugzilla.redhat.com/show_bug.cgi?id=2076794 • CWE-20: Improper Input Validation CWE-1173: Improper Use of Validation Framework •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4253
https://notcve.org/view.php?id=CVE-2013-4253
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. El script de despliegue en el conjunto de scripts complementarios "OpenShift Extras" no soportados, en Red Hat Openshift versión 1, instala una clave pública por defecto en el archivo authorized_keys del usuario root • https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice https://www.openwall.com/lists/oss-security/2014/06/05/19 • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3146 – tripleo-ansible: /etc/openstack/clouds.yaml discoverable
https://notcve.org/view.php?id=CVE-2022-3146
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. • https://access.redhat.com/security/cve/CVE-2022-3146 https://bugzilla.redhat.com/show_bug.cgi?id=2124721 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •