Total
263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8651 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 2.7 LOW | 3.1 LOW |
| An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image. | |||||
| CVE-2016-1000232 | 3 Ibm, Redhat, Salesforce | 3 Api Connect, Openshift Container Platform, Tough-cookie | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | |||||
| CVE-2022-2220 | 1 Redhat | 1 Openshift Container Platform | 2024-02-04 | N/A | N/A |
| OpenShift doesn't properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record (if he likes to expose this route externally). The CNAME record should point the custom domain to the OpenShift router as the alias. In a case that the CNAME is not removed when the route is not in use anymore we are dealing with a dangling route. A malicious actor may take over the route. | |||||