Missing Encryption of Sensitive Data
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.