RHSA-2016:1773HighCVSS 4.8

Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update

Published
August 24, 2016
Last Modified
June 27, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2015-7501 — apache-commons-collections: InvokerTransformer code execution during deserialisation CVE-2016-0788 — jenkins: Remote code execution vulnerability in remoting module (SECURITY-232) CVE-2016-0789 — jenkins: HTTP response splitting vulnerability (SECURITY-238) CVE-2016-0790 — jenkins: Non-constant time comparison of API token (SECURITY-241) CVE-2016-0791 — jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245) CVE-2016-0792 — jenkins: Remote code execution through remote API (SECURITY-247) CVE-2016-3721 — jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170) CVE-2016-3722 — jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243) CVE-2016-3723 — jenkins: Information on installed plugins exposed via API (SECURITY-250) CVE-2016-3724 — jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266) CVE-2016-3725 — jenkins: Regular users can trigger download of update site metadata (SECURITY-273) CVE-2016-3726 — jenkins: Open redirect to scheme-relative URLs (SECURITY-276) CVE-2016-3727 — jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

🔗 References (28)