CyberSec.Space Logo
Back to CVE Browser

CVE-2013-2060

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile28.80th
PublishedJan 28, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

Affected Platforms (CPE)

πŸ“¦
Redhat

Openshift

= 1.0

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2013/05/07/1
πŸ”— http://www.securityfocus.com/bid/59687
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=960363
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/84075
πŸ”— http://www.openwall.com/lists/oss-security/2013/05/07/1
πŸ”— http://www.securityfocus.com/bid/59687
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=960363
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/84075

Related Vulnerabilities

CVE-2014-349610.0

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary comman...

CVE-2013-20959.8

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command ...

CVE-2019-38999.8

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interfac...

CVE-2014-02349.8

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo accou...