openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LRed Hat Openshift
APPRedhat3.2.1.233.3.1.113.4
Related vulnerabilities
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This ma...
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform un...
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "moo...
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via s...
mcollective has a default password set at install