redhat openshift

149 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-35092
all versions
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unau
7.5 HIGH
CVE-2026-35091
all versions
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync mem
8.2 HIGH
CVE-2025-14512
all versions
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in
6.5 MEDIUM
CVE-2024-45777
all versions
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_
6.7 MEDIUM
CVE-2024-12085
all versions
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate
7.5 HIGH
CVE-2024-1485
all versions
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attac
8.0 HIGH
CVE-2023-44487
all versions
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5 HIGH
CVE-2023-0229
all versions
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can al
6.3 MEDIUM
CVE-2023-0296
all versions
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-
5.3 MEDIUM
CVE-2022-3259
all versions
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
7.4 HIGH
CVE-2022-3262
all versions
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service pr
8.1 HIGH
CVE-2022-3260
all versions
The response header has not enabled X-FRAME-OPTIONS, which helps prevent Clickjacking attacks. Some browsers would interp
4.8 MEDIUM
CVE-2013-4281
all versions
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, whic
5.5 MEDIUM
CVE-2013-4253
all versions
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default publ
7.5 HIGH
CVE-2017-7517
all versions
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/
3.5 LOW
CVE-2022-2403
>= 4.9
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored
6.5 MEDIUM
CVE-2021-4125
>= 4.6.0 and < 4.6.52
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incom
8.1 HIGH
CVE-2015-3207
all versions
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
5.3 MEDIUM
CVE-2021-3697
all versions
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.
7.0 HIGH
CVE-2021-3696
all versions
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in
4.5 MEDIUM
CVE-2021-3695
all versions
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to
4.5 MEDIUM
CVE-2014-0068
all versions
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writabl
5.5 MEDIUM
CVE-2013-4561
all versions
In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of co
9.1 CRITICAL
CVE-2021-4047
all versions
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing.
7.5 HIGH
CVE-2021-3636
< 4.8
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included
4.6 MEDIUM
CVE-2020-35514
< 4.7.0
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with acc
7.0 HIGH
CVE-2020-1761
< 4.0
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can us
6.1 MEDIUM
CVE-2019-19350
all versions
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red
7.8 HIGH
CVE-2019-19349
all versions
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as
7.8 HIGH
CVE-2019-10225
all versions
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't suffi
6.3 MEDIUM
CVE-2020-10715
>= 4.0 and <= 4.3.5
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and
4.3 MEDIUM
CVE-2020-1759
all versions
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where a nonce reuse vulnerability
6.4 MEDIUM
CVE-2019-19348
< 3.11.188-4
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions b
7.0 HIGH
CVE-2019-19346
< 3.11.188-4
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting version
7.0 HIGH
CVE-2020-1709
>= 4.0 and < 4.3
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability i
7.0 HIGH
CVE-2020-1707
>= 4.0 and < 4.3
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerabil
7.0 HIGH
CVE-2019-19345
>= 4.0 and < 4.3
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerabili
7.0 HIGH
CVE-2019-19355
all versions
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker wi
7.0 HIGH
CVE-2019-19351
all versions
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with acce
7.0 HIGH
CVE-2019-19335
all versions
During installation of an OpenShift 4 cluster, the openshift-install command line tool creates an auth directory, with `kubeco
4.4 MEDIUM
CVE-2012-6685
all versions
Nokogiri before 1.5.4 is vulnerable to XXE attacks
7.5 HIGH
CVE-2014-0234
< 2.1
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo accou
9.8 CRITICAL
CVE-2013-2060
all versions
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters
9.8 CRITICAL
CVE-2013-0196
all versions
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF a
6.5 MEDIUM
CVE-2016-1000229
all versions
swagger-ui has XSS in key names
6.1 MEDIUM
CVE-2014-0175
all versions
mcollective has a default password set at install
9.8 CRITICAL
CVE-2014-0163
all versions
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
8.8 HIGH
CVE-2013-7370
all versions
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
6.1 MEDIUM
CVE-2013-0163
all versions
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
5.5 MEDIUM
CVE-2013-2103
all versions
OpenShift cartridge allows remote URL retrieval
8.1 HIGH
CVE-2012-6135
all versions
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
7.5 HIGH
CVE-2014-0023
all versions
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
7.8 HIGH
CVE-2013-5123
all versions
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows
5.9 MEDIUM
CVE-2013-0165
all versions
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
7.3 HIGH
CVE-2019-14845
>= 4.1 and <= 4.3
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass t
5.3 MEDIUM
CVE-2019-6648
all versions
On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-c
4.4 MEDIUM
CVE-2019-3884
all versions
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object
5.4 MEDIUM
CVE-2019-5736
all versions
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and
8.6 HIGH
CVE-2018-14645
all versions
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpa
7.5 HIGH
CVE-2016-7075
all versions
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate ho
7.5 HIGH
CVE-2016-8651
all versions
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associa
3.1 LOW
CVE-2016-8631
all versions
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to cre
6.3 MEDIUM
CVE-2017-15137
all versions
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example.
4.3 MEDIUM
CVE-2018-10875
all versions
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plu
7.8 HIGH
CVE-2018-10885
< 3.10.9
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using
6.5 MEDIUM
CVE-2018-1257
all versions
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows application
6.5 MEDIUM
CVE-2017-2611
all versions
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The
4.3 MEDIUM
CVE-2018-1102
all versions
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in
8.8 HIGH
CVE-2018-1059
all versions
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when p
6.1 MEDIUM
CVE-2016-9592
all versions
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete o
4.3 MEDIUM
CVE-2017-7534
all versions
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation
5.4 MEDIUM
CVE-2018-1069
all versions
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker c
7.1 HIGH
CVE-2013-4364
all versions
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1
7.8 HIGH
CVE-2015-7501
all versions
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp
9.8 CRITICAL
CVE-2015-0238
all versions
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalatio
3.3 LOW
CVE-2015-7561
all versions
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of s
3.1 LOW
CVE-2017-1000376
all versions
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. P
7.0 HIGH
CVE-2016-5409
all versions
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it eas
7.5 HIGH
CVE-2016-5418
all versions
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow r
7.5 HIGH
CVE-2016-5766
all versions
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP bef
8.8 HIGH
CVE-2016-5392
all versions
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticat
6.5 MEDIUM
CVE-2015-8945
<= 1.1.6
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credent
5.1 MEDIUM
CVE-2016-2074
all versions
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote at
9.8 CRITICAL
CVE-2016-3738
all versions
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to acces
8.8 HIGH
CVE-2016-3711
all versions
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by
3.3 LOW
CVE-2016-3708
all versions
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolat
7.1 HIGH
CVE-2016-3703
all versions
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a se
5.3 MEDIUM
CVE-2016-2160
all versions
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by
8.8 HIGH
CVE-2016-2149
all versions
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name
6.5 MEDIUM
CVE-2016-2142
all versions
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file,
5.5 MEDIUM
CVE-2016-3727
all versions
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended
4.3 MEDIUM
CVE-2016-3726
all versions
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to ar
7.4 HIGH
CVE-2016-3725
all versions
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leverag
4.3 MEDIUM
CVE-2016-3724
all versions
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password
6.5 MEDIUM
CVE-2016-3723
all versions
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installatio
4.3 MEDIUM
CVE-2016-3722
all versions
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (un
4.3 MEDIUM
CVE-2016-3721
all versions
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the bui
4.3 MEDIUM
CVE-2015-7528
all versions
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
5.3 MEDIUM
CVE-2016-0792
all versions
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbi
8.8 HIGH
CVE-2016-0791
all versions
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for
9.8 CRITICAL
CVE-2016-0790
all versions
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for r
5.3 MEDIUM
CVE-2016-0789
all versions
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attacke
6.1 MEDIUM
CVE-2016-0788
all versions
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a
9.8 CRITICAL
CVE-2015-7539
all versions
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update
7.5 HIGH
CVE-2015-7538
<= 3.1
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors
8.8 HIGH
CVE-2015-7537
<= 3.1
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack t
8.8 HIGH
CVE-2015-5254
all versions
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attacker
9.8 CRITICAL
CVE-2015-5326
<= 3.1
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote a
CVE-2015-5325
<= 3.1
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a
CVE-2015-5324
<= 3.1
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/a
CVE-2015-5323
<= 3.1
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators
CVE-2015-5322
<= 3.1
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory content
CVE-2015-5321
<= 3.1
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attac
CVE-2015-5320
<= 3.1
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows
CVE-2015-5319
<= 3.1
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote
CVE-2015-5318
<= 3.1
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it eas
CVE-2015-5317
<= 3.1
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and bui
7.5 HIGH
CVE-2015-5305
all versions
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitra
CVE-2015-1814
<= 3.1
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "for
CVE-2015-1813
<= 3.1
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrar
CVE-2015-1812
<= 3.1
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrar
CVE-2015-1810
<= 3.1
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names whe
CVE-2015-1808
<= 3.1
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and t
CVE-2015-1807
<= 3.1
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain pe
CVE-2015-1806
<= 3.1
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job con
CVE-2015-5274
all versions
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a cr
CVE-2015-5222
all versions
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permi
CVE-2014-0233
all versions
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via s
CVE-2014-3674
<= 2.1.8
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the ne
CVE-2014-3602
<= 2.1.8
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by
CVE-2014-3680
<= 3.1
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default v
CVE-2014-3667
<= 3.1
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated us
CVE-2014-3666
<= 3.1
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI chan
CVE-2014-3663
<= 3.1
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended
CVE-2014-3662
<= 3.1
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
CVE-2014-3661
<= 3.1
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors
CVE-2014-3681
<= 3.1
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrar
CVE-2014-3664
<= 3.1
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overal
CVE-2014-3496
all versions
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary comman
CVE-2014-0164
all versions
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mco
CVE-2014-0188
<= 1.2.7
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requ
CVE-2014-1869
<= 3.1
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan
CVE-2013-2119
all versions
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent appli
CVE-2013-2186
<= 3.1
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0;
CVE-2013-0164
<= 1.0
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to over
CVE-2012-5658
<= 1.0
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive informat
CVE-2012-5647
all versions
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers
CVE-2012-5646
all versions
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary comman
CVE-2012-5622
all versions
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controlle
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin