openshift-enterprise-cluster-capacity vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the openshift-enterprise-cluster-capacity package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Resource Exhaustion	*
H Resource Exhaustion	*
M Cross-site Scripting (XSS)	*
L Information Exposure	<0:3.10.14-1.git.376.c0c5a15.el7
H Arbitrary Code Injection	<0:3.11.82-1.git.380.cf11c51.el7
H Arbitrary Code Injection	<0:3.11.82-1.git.380.cf11c51.el7
C Authentication Bypass by Primary Weakness	<0:3.10.72-1.git.380.0fd53e8.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.380.cf11c51.el7
M Information Exposure	<0:3.11.374-1.git.379.80bd08f.el7
H Information Exposure	<0:3.11.51-1.git.380.ffa21af.el7
H Session Fixation	<0:3.11.51-1.git.380.ffa21af.el7
H Resource Exhaustion	<0:3.11.51-1.git.380.ffa21af.el7
H Information Exposure	<0:3.11.51-1.git.380.ffa21af.el7
H Static Code Injection	<0:3.11.82-1.git.380.cf11c51.el7
M Link Following	<0:3.10.127-1.git.0.44580c6.el7
M Link Following	<0:3.11.98-1.git.0.deb9250.el7
H Static Code Injection	<0:3.11.82-1.git.380.cf11c51.el7
H Improper Authentication	<0:3.11.51-1.git.380.ffa21af.el7
H Static Code Injection	<0:3.11.82-1.git.380.cf11c51.el7
H Session Fixation	<0:3.11.82-1.git.380.cf11c51.el7
H Session Fixation	<0:3.11.82-1.git.380.cf11c51.el7
H Cross-site Scripting (XSS)	<0:3.11.117-1.git.1.6593fce.el7
H Static Code Injection	<0:3.11.82-1.git.380.cf11c51.el7
H Improper Authentication	<0:3.11.117-1.git.1.6593fce.el7
H Improper Input Validation	<0:3.11.51-1.git.380.ffa21af.el7
H Cross-site Scripting (XSS)	<0:3.11.51-1.git.380.ffa21af.el7
H Directory Traversal	<0:3.11.51-1.git.380.ffa21af.el7
H Static Code Injection	<0:3.11.82-1.git.380.cf11c51.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.380.cf11c51.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.380.cf11c51.el7
H Cross-site Request Forgery (CSRF)	<0:3.11.82-1.git.380.cf11c51.el7
H API Abuse	<0:3.11.170-1.git.1.661684b.el7
H Information Exposure	<0:3.11.170-1.git.1.661684b.el7
H Information Exposure	<0:3.11.170-1.git.1.661684b.el7
H Covert Timing Channel	<0:3.11.170-1.git.1.661684b.el7
H Covert Timing Channel	<0:3.11.170-1.git.1.661684b.el7
H Insufficient Control of Network Message Volume (Network Amplification)	<0:3.11.170-1.git.1.661684b.el7
H Authentication Bypass by Primary Weakness	<0:3.11.170-1.git.1.661684b.el7
H Incomplete Blacklist	<0:3.11.117-1.git.1.6593fce.el7
H Insufficiently Protected Credentials	<0:3.11.117-1.git.1.6593fce.el7
M Resource Exhaustion	<0:3.11.219-1.git.1.ca1ee51.el7
M Truncation of Security-relevant Information	<0:3.11.248-1.git.1.37b107c.el7
M Information Exposure	<0:3.11.248-1.git.1.37b107c.el7
M Resource Exhaustion	*
M Resource Exhaustion	*
M Algorithmic Complexity	*
M Improper Input Validation	*
M Use of Insufficiently Random Values	<0:3.11.374-1.git.379.80bd08f.el7
H Out-of-bounds Read	<0:3.11.82-1.git.380.cf11c51.el7
H Resource Exhaustion	<0:3.11.82-1.git.380.cf11c51.el7
H Out-of-bounds Read	<0:3.11.82-1.git.380.cf11c51.el7
M Incorrect Calculation	*
L NULL Pointer Dereference	*
M HTTP Response Splitting	<0:3.11.374-1.git.379.80bd08f.el7
L Race Condition	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
H Cross-site Scripting (XSS)	<0:3.11.170-1.git.1.661684b.el7
M HTTP Request Smuggling	*
H Resource Exhaustion	<0:3.11.154-1.git.1.5798c2c.el7
H Resource Exhaustion	<0:3.11.154-1.git.1.5798c2c.el7
L Improper Handling of Length Parameter Inconsistency	*

openshift-enterprise-cluster-capacity vulnerabilities

Direct Vulnerabilities

How to fix?