Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/torvalds/linux • https://github.com/Perl/perl5 • https://github.com/evanphx/json-patch • https://github.com/ansible/ansible |
| #Vulnerabilities | 237 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-10 | CVE-2023-1668 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. | Open_vswitch, Debian_linux, Fast_datapath, Openshift_container_platform, Openstack_platform, Virtualization | 8.2 | ||
| 2023-07-05 | CVE-2023-3089 | A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | Openshift_container_platform, Openshift_container_platform_for_arm64, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems | 7.5 | ||
| 2023-07-07 | CVE-2022-4361 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Single_sign\-On | 6.1 | ||
| 2023-08-04 | CVE-2023-0264 | A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_ibm_z_systems, Single_sign\-On | 5.0 | ||
| 2023-09-14 | CVE-2023-1108 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | Oncommand_workflow_automation, Build_of_quarkus, Decision_manager, Fuse, Integration_camel_k, Integration_service_registry, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_expansion_pack, Openshift_application_runtimes, Openshift_container_platform, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openstack_platform, Process_automation, Single_sign\-On, Undertow | 7.5 | ||
| 2023-09-15 | CVE-2022-3466 | The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when... | Cri\-O, Openshift_container_platform | 5.3 | ||
| 2023-09-20 | CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | Quarkus, Build_of_optaplanner, Build_of_quarkus, Decision_manager, Integration_camel_k, Integration_camel_quarkus, Integration_service_registry, Jboss_middleware, Jboss_middleware_text\-Only_advisories, Openshift_container_platform, Openshift_serverless, Process_automation_manager | 8.1 | ||
| 2023-09-20 | CVE-2022-3916 | A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | Keycloak, Openshift_container_platform, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Single_sign\-On | 6.8 | ||
| 2023-09-22 | CVE-2022-4039 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | Openshift_container_platform, Openshift_container_platform_for_ibm_z, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Single_sign\-On | 9.8 | ||
| 2023-09-24 | CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | Kube\-Apiserver, Openshift_container_platform | 8.0 |