Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/cockpit@160-3?arch=el7

Type rpm

Namespace redhat

Name cockpit

Version 160-3

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-ce2d-tx37-zydv

vulnerability_id

VCID-ce2d-tx37-zydv

summary

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1002105

reference_id

reference_type

scores

value	0.90104
scoring_system	epss
scoring_elements	0.99605
published_at	2026-06-05T12:55:00Z

value	0.90104
scoring_system	epss
scoring_elements	0.99604
published_at	2026-06-06T12:55:00Z

value	0.90104
scoring_system	epss
scoring_elements	0.99603
published_at	2026-06-07T12:55:00Z

value	0.90189
scoring_system	epss
scoring_elements	0.99607
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1002105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/evict/poc_CVE-2018-1002105

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/evict/poc_CVE-2018-1002105

reference_url

https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905

reference_url

https://github.com/kubernetes/kubernetes/issues/71411

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/kubernetes/kubernetes/issues/71411

reference_url

https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88

reference_url

https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1002105

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1002105

reference_url

https://security.netapp.com/advisory/ntap-20190416-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190416-0001

reference_url

https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do

reference_url

https://www.exploit-db.com/exploits/46052

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/46052

reference_url

https://www.exploit-db.com/exploits/46053

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/46053

reference_url

https://www.openwall.com/lists/oss-security/2019/06/28/2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2019/06/28/2

reference_url

https://www.openwall.com/lists/oss-security/2019/07/06/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2019/07/06/3

reference_url

https://www.openwall.com/lists/oss-security/2019/07/06/4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2019/07/06/4

reference_url

https://www.securityfocus.com/bid/106068

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.securityfocus.com/bid/106068

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1648138
reference_id	1648138
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1648138

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828
reference_id	915828
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828

reference_url	https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
reference_id	CVE-2018-1002105
reference_type	exploit
scores
url	https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py

reference_url	https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py
reference_id	CVE-2018-1002105
reference_type	exploit
scores
url	https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py
reference_id	CVE-2018-1002105
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py
reference_id	CVE-2018-1002105
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py

reference_url	https://access.redhat.com/errata/RHSA-2018:2906
reference_id	RHSA-2018:2906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2906

reference_url	https://access.redhat.com/errata/RHSA-2018:2908
reference_id	RHSA-2018:2908
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2908

reference_url

https://access.redhat.com/errata/RHSA-2018:3537

reference_id

RHSA-2018:3537

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3537

reference_url

https://access.redhat.com/errata/RHSA-2018:3549

reference_id

RHSA-2018:3549

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3549

reference_url

https://access.redhat.com/errata/RHSA-2018:3551

reference_id

RHSA-2018:3551

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3551

reference_url

https://access.redhat.com/errata/RHSA-2018:3598

reference_id

RHSA-2018:3598

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3598

reference_url

https://access.redhat.com/errata/RHSA-2018:3624

reference_id

RHSA-2018:3624

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3624

reference_url

https://access.redhat.com/errata/RHSA-2018:3742

reference_id

RHSA-2018:3742

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3742

reference_url

https://access.redhat.com/errata/RHSA-2018:3752

reference_id

RHSA-2018:3752

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3752

reference_url

https://access.redhat.com/errata/RHSA-2018:3754

reference_id

RHSA-2018:3754

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:3754

fixed_packages

aliases

CVE-2018-1002105, GHSA-579h-mv94-g4gp

risk_score

10.0

exploitability

2.0

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ce2d-tx37-zydv

url

VCID-e21t-d8nr-d3hy

vulnerability_id

VCID-e21t-d8nr-d3hy

summary

atomic-openshift: cluster-reader can escalate to creating builds via webhooks in any project

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15138.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15138.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15138

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37217
published_at	2026-06-04T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37308
published_at	2026-06-05T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37314
published_at	2026-06-06T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37282
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15138

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1566212
reference_id	1566212
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1566212

fixed_packages

aliases

CVE-2017-15138

risk_score

2.2

exploitability

0.5

weighted_severity

4.5

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-e21t-d8nr-d3hy

url

VCID-rnzg-hqnn-4ya5

vulnerability_id

VCID-rnzg-hqnn-4ya5

summary

atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15137.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15137.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15137

reference_id

reference_type

scores

value	0.00167
scoring_system	epss
scoring_elements	0.37479
published_at	2026-06-04T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37572
published_at	2026-06-05T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37574
published_at	2026-06-06T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37542
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15137

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1566191
reference_id	1566191
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1566191

fixed_packages

aliases

CVE-2017-15137

risk_score

1.9

exploitability

0.5

weighted_severity

3.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rnzg-hqnn-4ya5

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@160-3%3Farch=el7

Package Instance