Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Openshift Container Platform
Total 227 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1108 2 Netapp, Redhat 17 Oncommand Workflow Automation, Build Of Quarkus, Decision Manager and 14 more 2023-12-10 N/A 7.5 HIGH
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVE-2023-3153 2 Ovn, Redhat 4 Open Virtual Network, Enterprise Linux, Fast Datapath and 1 more 2023-12-10 N/A 5.3 MEDIUM
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
CVE-2022-3916 1 Redhat 7 Enterprise Linux, Keycloak, Openshift Container Platform and 4 more 2023-12-10 N/A 6.8 MEDIUM
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
CVE-2023-2422 1 Redhat 4 Enterprise Linux, Keycloak, Openshift Container Platform and 1 more 2023-12-10 N/A 7.1 HIGH
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.
CVE-2023-4065 1 Redhat 4 Enterprise Linux, Jboss A-mq, Jboss Middleware and 1 more 2023-12-10 N/A 5.5 MEDIUM
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
CVE-2023-4066 1 Redhat 4 Enterprise Linux, Jboss A-mq, Jboss Middleware and 1 more 2023-12-10 N/A 5.5 MEDIUM
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
CVE-2023-3223 1 Redhat 8 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Text-only Advisories and 5 more 2023-12-10 N/A 7.5 HIGH
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
CVE-2022-4039 1 Redhat 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more 2023-12-10 N/A 9.8 CRITICAL
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
CVE-2022-3466 2 Kubernetes, Redhat 2 Cri-o, Openshift Container Platform 2023-12-10 N/A 5.3 MEDIUM
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
CVE-2022-4361 1 Redhat 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more 2023-12-10 N/A 6.1 MEDIUM
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
CVE-2021-3684 1 Redhat 3 Enterprise Linux, Openshift Assisted Installer, Openshift Container Platform 2023-12-10 N/A 5.5 MEDIUM
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
CVE-2023-2253 1 Redhat 3 Openshift Api For Data Protection, Openshift Container Platform, Openshift Developer Tools And Services 2023-12-10 N/A 6.5 MEDIUM
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
CVE-2023-3089 1 Redhat 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Arm64 and 3 more 2023-12-10 N/A 7.5 HIGH
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVE-2023-0056 3 Fedoraproject, Haproxy, Redhat 10 Extra Packages For Enterprise Linux, Fedora, Haproxy and 7 more 2023-12-10 N/A 6.5 MEDIUM
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
CVE-2023-1668 3 Cloudbase, Debian, Redhat 7 Open Vswitch, Debian Linux, Enterprise Linux and 4 more 2023-12-10 N/A 8.2 HIGH
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
CVE-2023-27561 3 Debian, Linuxfoundation, Redhat 4 Debian Linux, Runc, Enterprise Linux and 1 more 2023-12-10 N/A 7.0 HIGH
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
CVE-2021-3827 1 Redhat 4 Enterprise Linux, Keycloak, Openshift Container Platform and 1 more 2023-12-10 N/A 6.8 MEDIUM
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-3669 5 Debian, Fedoraproject, Ibm and 2 more 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more 2023-12-10 N/A 5.5 MEDIUM
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
CVE-2021-3695 4 Fedoraproject, Gnu, Netapp and 1 more 14 Fedora, Grub2, Ontap Select Deploy Administration Utility and 11 more 2023-12-10 4.4 MEDIUM 4.5 MEDIUM
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
CVE-2022-1632 2 Fedoraproject, Redhat 3 Fedora, Ansible Automation Platform, Openshift Container Platform 2023-12-10 N/A 6.5 MEDIUM
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.