Filtered by vendor Redhat
Filtered by product Openshift Container Platform

Total 267 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7481 | 3 Canonical, Debian, Redhat | 14 Ubuntu Linux, Debian Linux, Ansible Engine and 11 more | 2024-11-21 | 9.8 Critical | 
| Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. | ||||
| CVE-2017-15138 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | N/A | 
| The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | ||||
| CVE-2017-15137 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | N/A | 
| The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed. | ||||
| CVE-2017-15095 | 5 Debian, Fasterxml, Netapp and 2 more | 31 Debian Linux, Jackson-databind, Oncommand Balance and 28 more | 2024-11-21 | 9.8 Critical | 
| A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. | ||||
| CVE-2017-12195 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | N/A | 
| A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices. | ||||
| CVE-2016-8651 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | N/A | 
| An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. | ||||
| CVE-2016-1000232 | 3 Ibm, Redhat, Salesforce | 5 Api Connect, Openshift, Openshift Container Platform and 2 more | 2024-11-21 | N/A | 
| NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | ||||