Max CVSS | 5.8 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-15137 | 5.0 |
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
|
12-02-2023 - 23:28 | 16-07-2018 - 20:29 | |
CVE-2017-12195 | 5.8 |
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication
|
12-02-2023 - 23:28 | 27-07-2018 - 15:29 | |
CVE-2017-15138 | 4.0 |
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
|
09-10-2019 - 23:24 | 13-08-2018 - 17:29 | |
CVE-2017-1000095 | 4.0 |
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 |