Filtered by vendor Redhat Subscriptions
Filtered by product Openshift Container Platform Subscriptions
Total 240 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-3466 2 Kubernetes, Redhat 4 Cri-o, Openshift, Openshift Container Platform and 1 more 2024-11-21 4.8 Medium
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
CVE-2022-3248 1 Redhat 6 Acm, Advanced Cluster Management For Kubernetes, Ansible Automation Platform and 3 more 2024-11-21 4.4 Medium
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
CVE-2022-2990 2 Buildah Project, Redhat 4 Buildah, Enterprise Linux, Openshift and 1 more 2024-11-21 7.1 High
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-2989 2 Podman Project, Redhat 3 Podman, Enterprise Linux, Openshift Container Platform 2024-11-21 7.1 High
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-2132 4 Debian, Dpdk, Fedoraproject and 1 more 15 Debian Linux, Data Plane Development Kit, Fedora and 12 more 2024-11-21 8.6 High
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVE-2022-27652 4 Fedoraproject, Kubernetes, Mobyproject and 1 more 5 Fedora, Cri-o, Moby and 2 more 2024-11-21 5.3 Medium
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27650 3 Crun Project, Fedoraproject, Redhat 4 Crun, Fedora, Enterprise Linux and 1 more 2024-11-21 7.5 High
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27649 3 Fedoraproject, Podman Project, Redhat 15 Fedora, Podman, Developer Tools and 12 more 2024-11-21 7.5 High
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-1708 3 Fedoraproject, Kubernetes, Redhat 5 Fedora, Cri-o, Enterprise Linux and 2 more 2024-11-21 7.5 High
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
CVE-2022-1706 2 Fedoraproject, Redhat 5 Fedora, Enterprise Linux, Ignition and 2 more 2024-11-21 6.5 Medium
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
CVE-2022-1677 1 Redhat 2 Openshift, Openshift Container Platform 2024-11-21 6.3 Medium
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
CVE-2022-1632 2 Fedoraproject, Redhat 3 Fedora, Ansible Automation Platform, Openshift Container Platform 2024-11-21 6.5 Medium
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.
CVE-2022-1274 1 Redhat 10 Enterprise Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Ibm Z Systems Eus and 7 more 2024-11-21 5.4 Medium
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
CVE-2022-1227 4 Fedoraproject, Podman Project, Psgo Project and 1 more 19 Fedora, Podman, Psgo and 16 more 2024-11-21 8.8 High
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVE-2022-0718 3 Debian, Openstack, Redhat 5 Debian Linux, Oslo.utils, Openshift Container Platform and 2 more 2024-11-21 4.9 Medium
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
CVE-2022-0711 3 Debian, Haproxy, Redhat 6 Debian Linux, Haproxy, Enterprise Linux and 3 more 2024-11-21 7.5 High
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
CVE-2022-0669 3 Dpdk, Openvswitch, Redhat 4 Data Plane Development Kit, Openvswitch, Enterprise Linux and 1 more 2024-11-21 6.5 Medium
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
CVE-2022-0532 2 Kubernetes, Redhat 3 Cri-o, Openshift, Openshift Container Platform 2024-11-21 4.2 Medium
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
CVE-2021-4294 1 Redhat 3 Openshift, Openshift Container Platform, Openshift Osin 2024-11-21 2.6 Low
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
CVE-2021-4104 4 Apache, Fedoraproject, Oracle and 1 more 59 Log4j, Fedora, Advanced Supply Chain Planning and 56 more 2024-11-21 7.5 High
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.