Product: Openshift_container_platform (Redhat)
Date | Id | Summary | Products | Score
2023-09-22 | CVE-2022-4039 | A flaw was found in Red Hat Single Sign-On for OpenShift container images that are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and to access and modify potentially sensitive information in the app server configuration. | Openshift_container_platform, Openshift_container_platform_for_ibm_z, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Single_sign-On | 9.8
2023-09-27 | CVE-2023-4066 | A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a Secret, security-properties-prop-module, defined in the ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details YAML of AMQ Broker. | Jboss_a-Mq, Jboss_middleware, Openshift_container_platform | 5.5
2023-10-04 | CVE-2023-2422 | A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients. | Keycloak, Openshift_container_platform, Single_sign-On | 7.1
2023-10-04 | CVE-2023-3153 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | Open_virtual_network, Fast_datapath, Openshift_container_platform | 5.3
2023-10-05 | CVE-2022-4145 | A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | Openshift_container_platform | 5.3
2023-10-05 | CVE-2022-3248 | A flaw was found in the OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate those permission boundaries, as the permissions will not be applied. | Advanced_cluster_management_for_kubernetes, Openshift_container_platform | 7.5
2019-01-22 | CVE-2019-1003000 | A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. | Script_security, Openshift_container_platform | 8.8
2019-01-22 | CVE-2019-1003001 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java and src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint, which can result in arbitrary code execution on the Jenkins master JVM. | Pipeline:_groovy, Openshift_container_platform | 8.8
2019-01-22 | CVE-2019-1003002 | A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint, which can result in arbitrary code execution on the Jenkins master JVM. | Pipeline:_declarative, Openshift_container_platform | 8.8
2019-01-22 | CVE-2019-1003003 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing them, for example, to persist access to temporarily compromised user accounts. | Jenkins, Openshift_container_platform | 7.2
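The AMQ Broker entry (CVE-2023-4066) describes credentials that are meant to live in a Secret but surface as plaintext in the rendered StatefulSet. The check below, added here as an example and not code from Red Hat or the AMQ Broker operator, scans the JSON that `kubectl get statefulset <name> -o json` prints and reports any credential-looking environment variable or command-line flag that is not a Secret reference. The StatefulSet manifest is constructed for illustration, and the name patterns used to recognise credentials are assumptions.

```python
"""Find credentials exposed as literal values in a StatefulSet manifest.

Added example, not code from Red Hat or the AMQ Broker operator. Input is the
JSON that `kubectl get statefulset <name> -o json` prints; the manifest below
is constructed for illustration and the name patterns are assumptions.
"""
import json
import re

# Env var names that usually carry a credential (assumed heuristic).
SENSITIVE_NAME = re.compile(r"password|passwd|secret|token|api_?key", re.I)
# Flags that carry a credential, either "--password=x" or "--password x".
SENSITIVE_FLAG = re.compile(r"^--?(password|passwd|secret|token)(?==|$)", re.I)

# Constructed sample: one literal password, one password pulled from a ConfigMap,
# one properly referenced from a Secret, and one passed on the command line.
SAMPLE_STATEFULSET = json.dumps({
    "kind": "StatefulSet",
    "metadata": {"name": "broker-ss"},
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "init",
                            "env": [{"name": "LOG_LEVEL", "value": "INFO"}]}],
        "containers": [{
            "name": "broker",
            "env": [
                {"name": "AMQ_USER", "value": "admin"},
                {"name": "AMQ_PASSWORD", "value": "s3cr3t-plain"},
                {"name": "KEYSTORE_PASSWORD", "valueFrom": {"configMapKeyRef": {
                    "name": "broker-config", "key": "keystorePassword"}}},
                {"name": "AMQ_CLUSTER_PASSWORD", "valueFrom": {"secretKeyRef": {
                    "name": "broker-credentials-secret", "key": "clusterPassword"}}},
            ],
            "args": ["--http-port=8161", "--password=also-plain"],
        }],
    }}},
})


def mask(value: str) -> str:
    """Keep only a short prefix so a report does not re-leak the secret."""
    return value[:2] + "***"


def find_plaintext_credentials(manifest: dict) -> list:
    """Return one finding per credential-looking value that is not a Secret reference."""
    findings = []
    pod_spec = manifest["spec"]["template"]["spec"]
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind, []):
            cname = container["name"]
            for env in container.get("env", []):
                name = env.get("name", "")
                if not SENSITIVE_NAME.search(name):
                    continue
                if "value" in env:
                    # Literal value: readable by anyone who can get the StatefulSet.
                    findings.append({"container": cname, "location": f"env:{name}",
                                     "value": mask(env["value"])})
                elif "configMapKeyRef" in env.get("valueFrom", {}):
                    # ConfigMaps are not handled like Secrets; treat as exposed.
                    ref = env["valueFrom"]["configMapKeyRef"]
                    findings.append({"container": cname, "location": f"env:{name}",
                                     "value": f"configmap {ref['name']}/{ref['key']}"})
                # secretKeyRef is the intended pattern and is not reported.
            argv = list(container.get("command", [])) + list(container.get("args", []))
            for i, arg in enumerate(argv):
                if not SENSITIVE_FLAG.match(arg):
                    continue
                flag, _, inline = arg.partition("=")
                value = inline if "=" in arg else (argv[i + 1] if i + 1 < len(argv) else "")
                findings.append({"container": cname, "location": f"arg:{flag}",
                                 "value": mask(value)})
    return findings


def scan_json(text: str) -> list:
    """Parse kubectl's JSON output and scan it."""
    return find_plaintext_credentials(json.loads(text))


if __name__ == "__main__":
    for f in scan_json(SAMPLE_STATEFULSET):
        print(f"{f['container']}: {f['location']} -> {f['value']}")
```

Run it against `kubectl get statefulset <name> -o json` output from the namespace in question; anything it reports is visible to every principal with `get` on StatefulSets (or on Pods, since the rendered pod spec carries the same values), which is a much wider audience than `get` on the Secret itself. Values pulled through `secretKeyRef` are deliberately not reported, because that is the pattern the fix moves toward.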
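The Jenkins entry CVE-2019-1003003 describes Remember Me cookies that never expire because validation trusted the expiry carried inside the cookie once its MAC checked out. The following is an added example, not Jenkins code: the cookie layout (base64 of "user:expiry:hmac"), the server key and the 14-day policy are assumptions for illustration. It contrasts signature-only validation with validation that also bounds the expiry to the server's own policy, so a crafted far-future cookie is rejected even though it carries a valid MAC.

```python
"""Remember-me cookies: signature-only validation versus validation that also
bounds the expiry to server policy.

Added example, not Jenkins code. Cookie layout (base64 of "user:expiry:hmac"),
the key and the 14-day policy are assumptions for illustration.
"""
import base64
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-example-key-do-not-reuse"  # assumption: server-side secret
MAX_LIFETIME = 14 * 24 * 3600  # policy: a remember-me cookie lasts at most 14 days


def _mac(user: str, expiry: int) -> str:
    return hmac.new(SERVER_KEY, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, lifetime: int = MAX_LIFETIME, now=None) -> str:
    """Mint a cookie. Anyone holding SERVER_KEY can pass any lifetime, which is
    what someone able to run scripts on the server could do."""
    now = int(time.time()) if now is None else now
    expiry = now + lifetime
    raw = f"{user}:{expiry}:{_mac(user, expiry)}"
    return base64.urlsafe_b64encode(raw.encode()).decode()


def parse_cookie(cookie: str):
    """Split into (user, expiry, mac); None if the cookie is malformed."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode()).decode()
        user, expiry, mac = raw.rsplit(":", 2)
        return user, int(expiry), mac
    except ValueError:  # bad base64, bad UTF-8, wrong field count, non-integer expiry
        return None


def validate_signature_only(cookie: str, now=None):
    """Weak check: trusts the expiry inside the cookie once the MAC verifies.
    A crafted cookie with a far-future expiry stays valid indefinitely."""
    now = int(time.time()) if now is None else now
    parsed = parse_cookie(cookie)
    if parsed is None:
        return None
    user, expiry, mac = parsed
    if not hmac.compare_digest(mac, _mac(user, expiry)):
        return None
    if expiry <= now:
        return None
    return user


def validate_bounded(cookie: str, now=None):
    """Hardened check: same as above, but an expiry beyond now + MAX_LIFETIME is
    rejected even with a valid MAC, so no cookie outlives the policy."""
    now = int(time.time()) if now is None else now
    user = validate_signature_only(cookie, now)
    if user is None:
        return None
    _, expiry, _ = parse_cookie(cookie)
    if expiry > now + MAX_LIFETIME:
        return None
    return user


if __name__ == "__main__":
    t = 1_700_000_000
    crafted = issue_cookie("alice", lifetime=10 * 365 * 24 * 3600, now=t)
    print("signature-only accepts 10-year cookie:", validate_signature_only(crafted, now=t))
    print("bounded accepts 10-year cookie:", validate_bounded(crafted, now=t))
```

The bound caps how long a cookie can be used after the person who minted it loses the ability to mint new ones; it does not by itself revoke cookies minted within policy, and rotating SERVER_KEY is the way to invalidate everything outstanding at once.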