Total
170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 3.5 LOW | N/A |
| Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | |||||
| CVE-2015-1806 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 6.5 MEDIUM | N/A |
| The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | |||||
| CVE-2015-1813 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. | |||||
| CVE-2015-1810 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 4.6 MEDIUM | N/A |
| The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | |||||
| CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2016-06-15 | 7.5 HIGH | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
| CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2016-06-09 | 9.0 HIGH | 8.8 HIGH |
| Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | |||||
| CVE-2012-2126 | 3 Canonical, Redhat, Rubygems | 3 Ubuntu Linux, Openshift, Rubygems | 2014-01-14 | 4.3 MEDIUM | N/A |
| RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. | |||||
| CVE-2012-2125 | 3 Canonical, Redhat, Rubygems | 3 Ubuntu Linux, Openshift, Rubygems | 2014-01-14 | 5.8 MEDIUM | N/A |
| RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | |||||
| CVE-2012-5658 | 1 Redhat | 2 Openshift, Openshift Origin | 2013-02-26 | 2.1 LOW | N/A |
| rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels. | |||||
| CVE-2012-5647 | 1 Redhat | 2 Openshift, Openshift Origin | 2013-02-26 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO. | |||||