Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/cockpit@160-3?arch=el7
Typerpm
Namespaceredhat
Namecockpit
Version160-3
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3m8h-88sb-f7hk
vulnerability_id VCID-3m8h-88sb-f7hk
summary 
Privilege Escalation in Kubernetes
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3537
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3537
1
reference_url https://access.redhat.com/errata/RHSA-2018:3549
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3549
2
reference_url https://access.redhat.com/errata/RHSA-2018:3551
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3551
3
reference_url https://access.redhat.com/errata/RHSA-2018:3598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3598
4
reference_url https://access.redhat.com/errata/RHSA-2018:3624
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3624
5
reference_url https://access.redhat.com/errata/RHSA-2018:3742
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3742
6
reference_url https://access.redhat.com/errata/RHSA-2018:3752
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3752
7
reference_url https://access.redhat.com/errata/RHSA-2018:3754
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3754
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1002105
reference_id
reference_type
scores
0
value 0.90349
scoring_system epss
scoring_elements 0.99605
published_at 2026-04-24T12:55:00Z
1
value 0.90698
scoring_system epss
scoring_elements 0.99622
published_at 2026-04-16T12:55:00Z
2
value 0.90698
scoring_system epss
scoring_elements 0.99619
published_at 2026-04-02T12:55:00Z
3
value 0.90698
scoring_system epss
scoring_elements 0.9962
published_at 2026-04-07T12:55:00Z
4
value 0.90698
scoring_system epss
scoring_elements 0.99621
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1002105
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/evict/poc_CVE-2018-1002105
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/evict/poc_CVE-2018-1002105
13
reference_url https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905
14
reference_url https://github.com/kubernetes/kubernetes/issues/71411
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/71411
15
reference_url https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
16
reference_url https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1002105
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1002105
18
reference_url https://security.netapp.com/advisory/ntap-20190416-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190416-0001
19
reference_url https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
20
reference_url https://www.exploit-db.com/exploits/46052
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46052
21
reference_url https://www.exploit-db.com/exploits/46053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46053
22
reference_url https://www.openwall.com/lists/oss-security/2019/06/28/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/06/28/2
23
reference_url https://www.openwall.com/lists/oss-security/2019/07/06/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/07/06/3
24
reference_url https://www.openwall.com/lists/oss-security/2019/07/06/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/07/06/4
25
reference_url https://www.securityfocus.com/bid/106068
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.securityfocus.com/bid/106068
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1648138
reference_id 1648138
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1648138
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828
reference_id 915828
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828
28
reference_url https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
29
reference_url https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py
30
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py
31
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py
fixed_packages
aliases CVE-2018-1002105, GHSA-579h-mv94-g4gp
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3m8h-88sb-f7hk
1
url VCID-ep8y-hq9y-afcu
vulnerability_id VCID-ep8y-hq9y-afcu
summary atomic-openshift: cluster-reader can escalate to creating builds via webhooks in any project
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15138.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15138.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15138
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37439
published_at 2026-04-01T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37605
published_at 2026-04-02T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37628
published_at 2026-04-04T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37506
published_at 2026-04-07T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37557
published_at 2026-04-08T12:55:00Z
5
value 0.00165
scoring_system epss
scoring_elements 0.3757
published_at 2026-04-09T12:55:00Z
6
value 0.00165
scoring_system epss
scoring_elements 0.37584
published_at 2026-04-11T12:55:00Z
7
value 0.00165
scoring_system epss
scoring_elements 0.3755
published_at 2026-04-12T12:55:00Z
8
value 0.00165
scoring_system epss
scoring_elements 0.37524
published_at 2026-04-13T12:55:00Z
9
value 0.00165
scoring_system epss
scoring_elements 0.37571
published_at 2026-04-16T12:55:00Z
10
value 0.00165
scoring_system epss
scoring_elements 0.37552
published_at 2026-04-18T12:55:00Z
11
value 0.00165
scoring_system epss
scoring_elements 0.37487
published_at 2026-04-21T12:55:00Z
12
value 0.00165
scoring_system epss
scoring_elements 0.37267
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15138
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566212
reference_id 1566212
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566212
fixed_packages
aliases CVE-2017-15138
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ep8y-hq9y-afcu
2
url VCID-vtvy-ec7a-xua9
vulnerability_id VCID-vtvy-ec7a-xua9
summary atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag
references
0
reference_url https://access.redhat.com/errata/RHBA-2018:0489
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2018:0489
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15137.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15137.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15137
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37698
published_at 2026-04-01T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37527
published_at 2026-04-24T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37799
published_at 2026-04-13T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37826
published_at 2026-04-18T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37764
published_at 2026-04-21T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.3788
published_at 2026-04-02T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37904
published_at 2026-04-04T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37783
published_at 2026-04-07T12:55:00Z
8
value 0.00167
scoring_system epss
scoring_elements 0.37833
published_at 2026-04-08T12:55:00Z
9
value 0.00167
scoring_system epss
scoring_elements 0.37846
published_at 2026-04-16T12:55:00Z
10
value 0.00167
scoring_system epss
scoring_elements 0.37861
published_at 2026-04-11T12:55:00Z
11
value 0.00167
scoring_system epss
scoring_elements 0.37825
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15137
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566191
reference_id 1566191
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566191
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15137
reference_id CVE-2017-15137
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2017-15137
fixed_packages
aliases CVE-2017-15137
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vtvy-ec7a-xua9
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@160-3%3Farch=el7