Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2019-3884
Disclosure Date: August 01, 2019 (last updated November 27, 2024)
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
0
Attacker Value
Unknown
CVE-2019-5736
Disclosure Date: February 11, 2019 (last updated November 08, 2023)
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
0
Attacker Value
Unknown
CVE-2017-12195
Disclosure Date: July 27, 2018 (last updated November 27, 2024)
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices.
0
Attacker Value
Unknown
CVE-2018-1102
Disclosure Date: April 30, 2018 (last updated November 26, 2024)
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
0
Attacker Value
Unknown
CVE-2017-7534
Disclosure Date: April 11, 2018 (last updated November 26, 2024)
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
0
Attacker Value
Unknown
CVE-2018-1069
Disclosure Date: March 09, 2018 (last updated November 26, 2024)
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
0