CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4253
https://notcve.org/view.php?id=CVE-2013-4253
19 Oct 2022 — The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. El script de despliegue en el conjunto de scripts complementarios "OpenShift Extras" no soportados, en Red Hat Openshift versión 1, instala una clave pública por defecto en el archivo authorized_keys del usuario root • https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4281
https://notcve.org/view.php?id=CVE-2013-4281
19 Oct 2022 — In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. En Red Hat Openshift versión 1, son aplicados permisos débiles por defecto al archivo /etc/openshift/server_priv.pem en el servidor del broker, lo que podría permitir a usuarios con acceso local al broker leer este archivo • https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0068
https://notcve.org/view.php?id=CVE-2014-0068
30 Jun 2022 — It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial • https://bugzilla.redhat.com/show_bug.cgi?id=1064100 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3636 – openshift: Injected service-ca.crt incorrectly contains additional internal CAs
https://notcve.org/view.php?id=CVE-2021-3636
28 Jul 2021 — It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. Se ... • https://bugzilla.redhat.com/show_bug.cgi?id=1978621 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35514
https://notcve.org/view.php?id=CVE-2020-35514
02 Jun 2021 — An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0... • https://bugzilla.redhat.com/show_bug.cgi?id=1914714 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1761
https://notcve.org/view.php?id=CVE-2020-1761
27 May 2021 — A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4. Se encontró un fallo en la consola web de OpenShift, donde el token de acceso es guardado en el almacenamiento local del navegador. Un atacante puede usar este fallo para obtener el token de acceso por med... • https://bugzilla.redhat.com/show_bug.cgi?id=1813788 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19346 – openshift/mariadb-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19346
04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mariadb-apb, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19348 – openshift/apb-base: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19348
04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/apb-base, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4.... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2014-0234
https://notcve.org/view.php?id=CVE-2014-0234
12 Feb 2020 — The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. La configuración predeterminada de broker.conf en Red Hat OpenShift Enterprise versiones 2.x anteriores a 2.1, presenta una contraseña de "mooo" para una cuenta Mongo, lo ... • http://openwall.com/lists/oss-security/2014/06/05/19 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 10.0EPSS: 21%CPEs: 1EXPL: 1CVE-2013-2060
https://notcve.org/view.php?id=CVE-2013-2060
28 Jan 2020 — The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. La función download_from_url en OpenShift Origin, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en la URL de una petición para descargar un carrito. • http://www.openwall.com/lists/oss-security/2013/05/07/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •