Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/torvalds/linux • https://github.com/Perl/perl5 • https://github.com/evanphx/json-patch • https://github.com/ansible/ansible |
| #Vulnerabilities | 228 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-24 | CVE-2024-7079 | A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint. | Openshift_container_platform | 6.5 | ||
| 2019-04-08 | CVE-2019-0211 | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Oncommand_unified_manager, Leap, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_update_services_for_sap_solutions, Jboss_core_services, Openshift_container_platform, Openshift_container_platform_for_power, Software_collections | 7.8 | ||
| 2019-03-25 | CVE-2019-7609 | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | Kibana, Openshift_container_platform | 10.0 | ||
| 2019-03-08 | CVE-2019-1003030 | A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. | Pipeline\:_groovy, Openshift_container_platform | 9.9 | ||
| 2023-03-03 | CVE-2023-27561 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | Debian_linux, Runc, Enterprise_linux, Openshift_container_platform | 7.0 | ||
| 2023-09-27 | CVE-2023-4065 | A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | Jboss_a\-Mq, Jboss_middleware, Openshift_container_platform | 5.5 | ||
| 2019-03-08 | CVE-2019-1003029 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. | Script_security, Openshift_container_platform | 9.9 | ||
| 2022-04-29 | CVE-2022-1227 | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | Fedora, Podman, Psgo, Developer_tools, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Openshift_container_platform, Quay | 8.8 | ||
| 2022-02-16 | CVE-2021-3560 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Ubuntu_linux, Debian_linux, Polkit, Openshift_container_platform, Virtualization, Virtualization_host | 7.8 | ||
| 2022-12-28 | CVE-2021-4294 | A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987. | Openshift_container_platform, Openshift_osin | 5.9 |