osc open_ondemand の CVE(3 件)

CVE 件数: 3 CPE versions: View versions table

概要

本ページは osc open_ondemand に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 13 / 3 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-26002 Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible. [email protected] 6.3 0.53% 2026-03-04 2026-06-17
CVE-2025-66029 Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to it. Maintainers anticipate a patch in a 4.1 release. Workarounds exist for 4.0.x versions. Using `custom_location_directives` in `ood_portal.yml` in version 4.0.x (not available for versions below 4.0) c [email protected] 7.6 0.17% 2025-12-17 2026-06-17
CVE-2020-36247 Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. [email protected] 8.8 0.43% 2021-02-19 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence