Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5326 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | |||||
| CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 3.5 LOW | N/A |
| Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | |||||
| CVE-2015-5325 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. | |||||
| CVE-2016-3724 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. | |||||
| CVE-2014-3664 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-0188 | 1 Redhat | 1 Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | |||||
| CVE-2016-3721 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. | |||||
| CVE-2016-3723 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. | |||||
| CVE-2015-1808 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 3.5 LOW | N/A |
| Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | |||||
| CVE-2015-7528 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | |||||
| CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Enterprise Linux Desktop and 7 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | |||||
| CVE-2016-3708 | 1 Redhat | 1 Openshift | 2025-04-12 | 5.5 MEDIUM | 7.1 HIGH |
| Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary. | |||||
| CVE-2016-3722 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." | |||||
| CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-12 | 10.0 HIGH | N/A |
| cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | |||||
| CVE-2016-0789 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2014-3674 | 1 Redhat | 1 Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |||||
| CVE-2015-5274 | 1 Redhat | 1 Openshift | 2025-04-12 | 6.5 MEDIUM | N/A |
| rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. | |||||
| CVE-2016-3711 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. | |||||
| CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
| CVE-2015-7537 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | |||||