Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/torvalds/linux • https://github.com/Perl/perl5 • https://github.com/evanphx/json-patch • https://github.com/ansible/ansible |
| #Vulnerabilities | 241 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-22 | CVE-2022-4039 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | Openshift_container_platform, Openshift_container_platform_for_ibm_z, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Single_sign\-On | 9.8 | ||
| 2023-09-24 | CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | Kube\-Apiserver, Openshift_container_platform | 8.0 | ||
| 2023-09-27 | CVE-2023-3223 | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_text\-Only_advisories, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Single_sign\-On, Undertow | 7.5 | ||
| 2023-09-27 | CVE-2023-4065 | A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | Jboss_a\-Mq, Jboss_middleware, Openshift_container_platform | 5.5 | ||
| 2023-09-27 | CVE-2023-4066 | A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | Jboss_a\-Mq, Jboss_middleware, Openshift_container_platform | 5.5 | ||
| 2023-10-04 | CVE-2023-2422 | A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. | Keycloak, Openshift_container_platform, Single_sign\-On | 7.1 | ||
| 2023-10-04 | CVE-2023-3153 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | Open_virtual_network, Fast_datapath, Openshift_container_platform | 5.3 | ||
| 2023-10-05 | CVE-2022-4145 | A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | Openshift_container_platform | 5.3 | ||
| 2023-10-05 | CVE-2022-3248 | A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. | Advanced_cluster_management_for_kubernetes, Openshift_container_platform | 7.5 | ||
| 2023-10-06 | CVE-2023-5366 | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | Openvswitch, Enterprise_linux, Fast_datapath, Openshift_container_platform, Virtualization | 5.5 |