| Max CVSS | 5.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-15137 | 5.0 |
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
|
12-02-2023 - 23:28 | 16-07-2018 - 20:29 | |
| CVE-2018-10917 | 4.0 |
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso reposit
|
12-02-2023 - 22:15 | 15-08-2018 - 17:29 | |
| CVE-2018-14632 | 4.0 |
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service whi
|
07-02-2023 - 22:18 | 06-09-2018 - 14:29 | |
| CVE-2019-3891 | 2.1 |
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify th
|
15-10-2020 - 19:58 | 15-04-2019 - 12:31 | |
| CVE-2017-15138 | 4.0 |
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
|
09-10-2019 - 23:24 | 13-08-2018 - 17:29 | |
| CVE-2018-1000169 | 5.0 |
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker
|
31-07-2019 - 03:15 | 16-04-2018 - 09:58 | |
| CVE-2018-16861 | 3.5 |
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possib
|
14-05-2019 - 17:29 | 07-12-2018 - 19:29 | |
| CVE-2018-14664 | 3.5 |
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs b
|
14-05-2019 - 17:29 | 12-10-2018 - 22:15 | |
| CVE-2016-6346 | 5.0 |
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
|
14-05-2019 - 17:29 | 07-09-2016 - 18:59 | |
| CVE-2018-16887 | 3.5 |
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Rep
|
14-05-2019 - 17:29 | 13-01-2019 - 02:29 |