Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/torvalds/linux • https://github.com/Perl/perl5 • https://github.com/evanphx/json-patch • https://github.com/ansible/ansible |
| #Vulnerabilities | 237 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-3223 | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_text\-Only_advisories, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Single_sign\-On, Undertow | 7.5 | ||
| 2023-09-27 | CVE-2023-4065 | A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | Jboss_a\-Mq, Jboss_middleware, Openshift_container_platform | 5.5 | ||
| 2023-09-27 | CVE-2023-4066 | A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | Jboss_a\-Mq, Jboss_middleware, Openshift_container_platform | 5.5 | ||
| 2023-10-04 | CVE-2023-2422 | A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. | Keycloak, Openshift_container_platform, Single_sign\-On | 7.1 | ||
| 2023-10-04 | CVE-2023-3153 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | Open_virtual_network, Fast_datapath, Openshift_container_platform | 5.3 | ||
| 2023-10-05 | CVE-2022-4145 | A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | Openshift_container_platform | 5.3 | ||
| 2023-10-05 | CVE-2022-3248 | A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. | Advanced_cluster_management_for_kubernetes, Openshift_container_platform | 7.5 | ||
| 2023-10-06 | CVE-2023-5366 | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | Openvswitch, Enterprise_linux, Fast_datapath, Openshift_container_platform, Virtualization | 5.5 | ||
| 2023-11-02 | CVE-2023-5408 | A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. | Openshift_container_platform | 7.2 | ||
| 2023-12-14 | CVE-2023-6563 | An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Single_sign\-On | 7.7 |