Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
Max CVSS
7.5
EPSS Score
0.29%
Published
2017-04-20
Updated
2019-12-17
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-09-26
Updated
2017-10-10
2 vulnerabilities found