CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3207
https://notcve.org/view.php?id=CVE-2015-3207
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. En Openshift Origin 3 las cookies que son establecidas en la consola no presentan atributos "secure", "HttpOnly" • https://bugzilla.redhat.com/show_bug.cgi?id=1221882 https://github.com/openshift/origin/pull/2261 https://github.com/openshift/origin/pull/2291 • CWE-311: Missing Encryption of Sensitive Data CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2095
https://notcve.org/view.php?id=CVE-2013-2095
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection rubygem-openshift-origin-controller: La API puede ser utilizada para crear aplicaciones por medio de la función URI.prase() en el archivo cartridge_cache.rb para realizar una inyección de comandos • https://access.redhat.com/security/cve/cve-2013-2095 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2095 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8945
https://notcve.org/view.php?id=CVE-2015-8945
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. openshift-node en OpenShift Origin 1.1.6 y versiones anteriores almacena incorrectamente credenciales de router como envvars en la ranura cuando la opción --credentials es usada, lo que permite a usuarios locales obtener información clave privada y sensible leyendo el diario systemd. • http://www.openwall.com/lists/oss-security/2016/07/13/10 http://www.openwall.com/lists/oss-security/2016/07/13/9 http://www.securityfocus.com/bid/91776 https://github.com/openshift/origin/issues/3951 • CWE-255: Credentials Management Errors •