
(RHSA-2015:1844) Important: Red Hat OpenShift Enterprise 2.2.7 security, bug fix and enhancement update

Issued: 2015-09-30
Source: access.redhat.com
EPSS: 0.005 (percentile 77.4%)

OpenShift Enterprise by Red Hat is the company’s cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

Space precludes documenting all of the bug fixes in this advisory.
See the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.7, for details about these changes. The
following security issues are addressed in this release:

A flaw was found in the Jenkins API token-issuing service. The
service was not properly protected against anonymous users,
potentially allowing remote attackers to escalate privileges.
(CVE-2015-1814)

It was found that the combination filter Groovy script could allow
a remote attacker to potentially execute arbitrary code on a
Jenkins master. (CVE-2015-1806)

It was found that when building artifacts, the Jenkins server would
follow symbolic links, potentially resulting in disclosure of
information on the server. (CVE-2015-1807)

A denial of service flaw was found in the way Jenkins handled
certain update center data. An authenticated user could provide
specially crafted update center data to Jenkins, causing plug-in
and tool installation to not work properly. (CVE-2015-1808)

It was found that Jenkins’ XPath handling allowed XML External
Entity (XXE) expansion. A remote attacker with read access could
use this flaw to read arbitrary XML files on the Jenkins server.
(CVE-2015-1809)

It was discovered that the internal Jenkins user database did not
restrict access to reserved names, allowing users to escalate
privileges. (CVE-2015-1810)

It was found that Jenkins’ XML handling allowed XML External Entity
(XXE) expansion. A remote attacker with the ability to pass XML
data to Jenkins could use this flaw to read arbitrary XML files on
the Jenkins server. (CVE-2015-1811)
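The two XXE flaws above (CVE-2015-1809 in XPath handling, CVE-2015-1811 in general XML handling) share one root cause: untrusted XML reaching a parser that still resolves DOCTYPE declarations and external entities. The following is an added illustration of the hardened JAXP configuration that closes that class of bug; it is not code from Jenkins, OpenShift or Red Hat, and the class name, method names and sample documents are constructed for this example. It also covers the XPath case by parsing with the hardened builder first, since handing a raw InputSource to XPath.evaluate lets JAXP build its own default-configured parser.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class HardenedXml {

    // Build a DOM parser that refuses DOCTYPE declarations and never resolves
    // external entities or external DTDs. Disallowing DOCTYPE alone blocks XXE;
    // the remaining flags are defence in depth for parsers that ignore it.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Evaluate an XPath expression against untrusted XML. The document is parsed
    // by the hardened builder; the XPath engine then only sees an in-memory DOM
    // and never gets a chance to parse (or fetch entities for) the raw input.
    static String evaluate(String untrustedXml, String expr) throws Exception {
        Document doc = hardenedBuilder().parse(new InputSource(new StringReader(untrustedXml)));
        XPath xp = XPathFactory.newInstance().newXPath();
        return xp.evaluate(expr, doc);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a harmless document and one carrying a DOCTYPE.
        String benign = "<job><name>build-1</name></job>";
        System.out.println("name = " + evaluate(benign, "/job/name"));

        String withDoctype = "<!DOCTYPE job [<!ENTITY x \"y\">]><job>&x;</job>";
        try {
            evaluate(withDoctype, "/job");
        } catch (SAXParseException e) {
            // Any DOCTYPE, even a harmless internal one, is rejected outright.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A server that must accept a DTD for legitimate reasons should keep the external-entity and external-DTD features disabled and validate the DOCTYPE itself rather than re-enable full entity resolution.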

Two cross-site scripting (XSS) flaws were found in Jenkins. A
remote attacker could use these flaws to conduct XSS attacks
against users of an application using Jenkins. (CVE-2015-1812,
CVE-2015-1813)

https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html

All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.