Filtered by vendor Redhat Subscriptions
Filtered by product Openshift Container Platform Subscriptions
Total 240 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5408 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-23 7.2 High
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
CVE-2023-4066 1 Redhat 6 Amq Broker, Enterprise Linux, Jboss A-mq and 3 more 2024-11-23 5.5 Medium
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
CVE-2023-4065 1 Redhat 6 Amq Broker, Enterprise Linux, Jboss A-mq and 3 more 2024-11-23 5.5 Medium
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
CVE-2023-5366 2 Openvswitch, Redhat 7 Openvswitch, Enterprise Linux, Fast Datapath and 4 more 2024-11-21 7.1 High
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
CVE-2023-3223 1 Redhat 20 Enterprise Linux, Integration, Jboss Data Grid and 17 more 2024-11-21 7.5 High
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
CVE-2023-3153 2 Ovn, Redhat 6 Open Virtual Network, Enterprise Linux, Fast Datapath and 3 more 2024-11-21 5.3 Medium
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
CVE-2023-3089 1 Redhat 18 Acm, Amq Streams, Container Native Virtualization and 15 more 2024-11-21 7 High
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CVE-2023-2585 1 Redhat 8 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 5 more 2024-11-21 3.5 Low
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.
CVE-2023-2422 1 Redhat 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more 2024-11-21 5.5 Medium
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.
CVE-2023-2253 1 Redhat 5 Openshift, Openshift Api Data Protection, Openshift Api For Data Protection and 2 more 2024-11-21 6.5 Medium
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
CVE-2023-1668 3 Cloudbase, Debian, Redhat 8 Open Vswitch, Debian Linux, Enterprise Linux and 5 more 2024-11-21 8.2 High
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
CVE-2023-1260 2 Kubernetes, Redhat 4 Kube-apiserver, Openshift, Openshift Container Platform and 1 more 2024-11-21 8 High
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
CVE-2023-1108 2 Netapp, Redhat 28 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 25 more 2024-11-21 7.5 High
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVE-2023-0264 1 Redhat 8 Enterprise Linux, Keycloak, Openshift Container Platform and 5 more 2024-11-21 5.0 Medium
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
CVE-2023-0056 3 Fedoraproject, Haproxy, Redhat 12 Extra Packages For Enterprise Linux, Fedora, Haproxy and 9 more 2024-11-21 6.5 Medium
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
CVE-2022-4361 1 Redhat 8 Enterprise Linux, Keycloak, Openshift Container Platform and 5 more 2024-11-21 10 Critical
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
CVE-2022-4145 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 4.3 Medium
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.
CVE-2022-4039 1 Redhat 8 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 5 more 2024-11-21 8 High
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
CVE-2022-42442 2 Ibm, Redhat 2 Robotic Process Automation For Cloud Pak, Openshift Container Platform 2024-11-21 3.3 Low
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.
CVE-2022-3916 1 Redhat 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more 2024-11-21 6.8 Medium
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.