CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3101 – tripleo-ansible: /var/lib/mistral/overcloud discoverable
https://notcve.org/view.php?id=CVE-2022-3101
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. • https://access.redhat.com/security/cve/CVE-2022-3101 https://bugzilla.redhat.com/show_bug.cgi?id=2123870 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14841
https://notcve.org/view.php?id=CVE-2019-14841
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. Se encontró una falla en RHDM, donde un atacante autenticado puede cambiar su rol asignado en el encabezado de respuesta. Este fallo permite a un atacante conseguir privilegios de administrador en la consola de Business Central • https://access.redhat.com/security/cve/CVE-2019-14841 https://bugzilla.redhat.com/show_bug.cgi?id=1744801 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14840
https://notcve.org/view.php?id=CVE-2019-14840
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials. Se ha encontrado un fallo en RHDM, en el que los campos de formulario HTML confidenciales, como la contraseña, tienen habilitado el autocompletado, lo que puede conllevar a un filtrado de credenciales • https://access.redhat.com/security/cve/CVE-2019-14840 https://bugzilla.redhat.com/show_bug.cgi?id=1748185 • CWE-522: Insufficiently Protected Credentials •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7517
https://notcve.org/view.php?id=CVE-2017-7517
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance. Se presenta una vulnerabilidad de comprobación de entrada en Openshift Enterprise debido a un mapeo 1:1 de inquilinos en Hawkular Metrics y proyectos/espacios de nombres en OpenShift. Si un usuario crea un proyecto llamado "MyProject", y más tarde lo elimina, otro usuario puede crear un proyecto llamado "MyProject" y acceder a las métricas almacenadas de la instancia original "MyProject" • https://access.redhat.com/security/cve/CVE-2017-7517 https://bugzilla.redhat.com/show_bug.cgi?id=1470414 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-2963
https://notcve.org/view.php?id=CVE-2022-2963
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. Una vulnerabilidad encontrada en jasper. Esta vulnerabilidad de seguridad es producida debido a un fallo de filtrad de memoria en la función cmdopts_parse que puede causar un fallo o una falla de segmentación • https://access.redhat.com/security/cve/CVE-2022-2963 https://bugzilla.redhat.com/show_bug.cgi?id=2118587 https://github.com/jasper-software/jasper/issues/332 • CWE-401: Missing Release of Memory after Effective Lifetime •