RHSA-2016:0070High

Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update

Published
January 26, 2016
Last Modified
June 27, 2026

🔗 CVE IDs covered (33)

📋 Description

CVE-2013-2186 — commons-fileupload: Arbitrary file upload via deserialization CVE-2014-1869 — stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws CVE-2014-3661 — jenkins: denial of service (SECURITY-87) CVE-2014-3662 — jenkins: username discovery (SECURITY-110) CVE-2014-3663 — jenkins: job configuration issues (SECURITY-127, SECURITY-128) CVE-2014-3664 — jenkins: directory traversal flaw (SECURITY-131) CVE-2014-3666 — jenkins: remote code execution flaw (SECURITY-150) CVE-2014-3667 — jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155) CVE-2014-3680 — jenkins: password exposure in DOM (SECURITY-138) CVE-2014-3681 — jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143) CVE-2015-1806 — jenkins: Combination filter Groovy script unsecured (SECURITY-125) CVE-2015-1807 — jenkins: directory traversal from artifacts via symlink (SECURITY-162) CVE-2015-1808 — jenkins: update center metadata retrieval DoS attack (SECURITY-163) CVE-2015-1810 — jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166) CVE-2015-1812 — jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) CVE-2015-1813 — jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) CVE-2015-1814 — jenkins: forced API token change (SECURITY-180) CVE-2015-5317 — jenkins: Project name disclosure via fingerprints (SECURITY-153) CVE-2015-5318 — jenkins: Public value used for CSRF protection salt (SECURITY-169) CVE-2015-5319 — jenkins: XXE injection into job configurations via CLI (SECURITY-173) CVE-2015-5320 — jenkins: Secret key not verified when connecting a slave (SECURITY-184) CVE-2015-5321 — jenkins: Information disclosure via sidepanel (SECURITY-192) CVE-2015-5322 — jenkins: Local file inclusion vulnerability (SECURITY-195) CVE-2015-5323 — jenkins: API tokens of other users available to admins (SECURITY-200) CVE-2015-5324 — jenkins: Queue API did show items not visible to the current user (SECURITY-186) CVE-2015-5325 — jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206) CVE-2015-5326 — jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214) CVE-2015-7537 — jenkins: CSRF vulnerability in some administrative actions (SECURITY-225) CVE-2015-7538 — jenkins: CSRF protection ineffective (SECURITY-233) CVE-2015-7539 — jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234) CVE-2015-8103 — jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218) CVE-2016-1905 — server: patch operation should use patched object to check admission control CVE-2016-1906 — server: build config to a strategy that isn't allowed by policy

🔗 References (70)