openshift/openshift-extras

openshift/openshift-extras

Releases0

Stars38

Unofficial tools for use with OpenShift

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2013-4253 ↗	Oct 19, 2022Wednesday, 19 October 2022, 18:15	7.5 HIGH	—
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
CVE-2013-4281 ↗	Oct 19, 2022Wednesday, 19 October 2022, 18:15	5.5 MEDIUM	—
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
CVE-2014-0234 ↗	Feb 12, 2020Wednesday, 12 February 2020, 01:15	9.8 CRITICAL	7.5 HIGH
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.