Latest Red Hat OpenShift Container Platform Vulnerabilities

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
pip/paramiko>=2.5.0<3.4.0
go/golang.org/x/crypto<0.17.0
rust/russh<0.40.2
Apple macOS Sonoma<14.4
redhat/PuTTY<0.80
redhat/AsyncSSH<2.14.1
and 121 more
CRI-O: pods are able to break out of resource confinement on cgroupv2
go/github.com/cri-o/cri-o<1.27.3
go/github.com/cri-o/cri-o>=1.28.0<1.28.3
go/github.com/cri-o/cri-o=1.29.0
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.13
Redhat Openshift Container Platform=4.14
and 4 more
Keycloak: offline session token DoS
Redhat Keycloak<21.0.0
Redhat Single Sign-on=7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Single Sign-on
and 11 more
Keycloak: redirect_uri validation bypass
maven/org.keycloak:keycloak-services<23.0.3
Redhat Keycloak<22.0.7
Redhat Single Sign-on
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Openshift Container Platform For Ibm Z=4.9
and 12 more
Keycloak: reflected XSS via wildcard in OIDC redirect_uri
maven/org.keycloak:keycloak-services<23.0.3
Redhat Single Sign-on<7.6.6
Redhat Keycloak<22.0.7
Redhat Single Sign-on<7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 11 more
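The two Keycloak entries above (redirect_uri validation bypass, and reflected XSS via a wildcard in the OIDC redirect_uri) both come down to how a registered redirect URI pattern is matched against the one in the authorization request. The following is an added example, not Keycloak's code and not a description of the specific bypass: it puts a naive string-prefix wildcard matcher beside a component-wise one, so the difference is visible on constructed inputs. The registered patterns, the hypothetical client and all request URIs are assumptions made for the example.

```python
"""redirect_uri matching: naive string-prefix wildcard vs component-wise check.

Added illustration for this listing; it is NOT Keycloak's implementation.
Registered patterns and request URIs below are constructed for the example.
"""
from urllib.parse import urlsplit, unquote

# Constructed registration for a hypothetical client. A trailing '*' is the
# wildcard convention several OAuth/OIDC servers accept in "valid redirect URIs".
REGISTERED = [
    "https://app.example.com/cb",          # exact
    "https://app.example.com/oauth/*",     # path wildcard
    "https://app.example.com*",            # over-broad: wildcard right after the host
]


def permissive_match(redirect_uri, registered=REGISTERED):
    """Compare the raw string: a trailing '*' accepts any suffix at all."""
    for pattern in registered:
        if pattern.endswith("*"):
            if redirect_uri.startswith(pattern[:-1]):
                return True
        elif redirect_uri == pattern:
            return True
    return False


def _parse(uri):
    """Split into (scheme, host, port, path, query); None if the URI is unacceptable."""
    try:
        u = urlsplit(uri)
        port = u.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    # No fragment (token leakage), no userinfo (host confusion), https only.
    if u.scheme != "https" or not u.hostname or u.fragment or "@" in u.netloc:
        return None
    lowered = u.path.lower()
    # Encoded '/', '\' or '.' would change the path once the browser decodes it.
    if "%2f" in lowered or "%5c" in lowered or "%2e" in lowered:
        return None
    path = unquote(u.path)
    if "\\" in path or any(seg in (".", "..") for seg in path.split("/")):
        return None
    return u.scheme, u.hostname.lower(), port or 443, path, u.query


def strict_match(redirect_uri, registered=REGISTERED):
    """Scheme, host and port must equal the registration; '*' may only
    extend a path that ends in '/'; exact patterns also require an equal query."""
    req = _parse(redirect_uri)
    if req is None:
        return False
    scheme, host, port, path, query = req
    for pattern in registered:
        wildcard = pattern.endswith("*")
        pat = _parse(pattern[:-1] if wildcard else pattern)
        if pat is None:
            continue             # an unparsable registration never matches
        p_scheme, p_host, p_port, p_path, p_query = pat
        if (scheme, host, port) != (p_scheme, p_host, p_port):
            continue
        if wildcard:
            if p_path.endswith("/") and path.startswith(p_path):
                return True
        elif path == p_path and query == p_query:
            return True
    return False


# Constructed request URIs: the first two are legitimate, the rest are attacker-shaped.
CASES = [
    "https://app.example.com/cb",
    "https://app.example.com/oauth/done",
    "https://app.example.com.evil.net/oauth/done",        # host suffix
    "https://app.example.com@evil.net/oauth/done",        # userinfo trick
    "https://app.example.com:8443/oauth/done",            # different port
    "https://app.example.com/oauth/../admin",             # dot segments
    "https://app.example.com/oauth/done#access_token=x",  # fragment
]

if __name__ == "__main__":
    for uri in CASES:
        print(f"{permissive_match(uri)!s:5} {strict_match(uri)!s:5} {uri}")
```

Note that the over-broad third pattern is simply inert under the strict matcher (its path does not end in `/`), whereas the naive matcher turns it into "anything that starts with the host string", which is what the host-suffix, userinfo and port cases exploit.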
HTTP/2 Rapid Reset vulnerability
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 553 more
OpenShift: modification of node role labels
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Openshift Container Platform=4.13
Redhat Openshift Container Platform=4.14
Quarkus: HTTP security policy bypass
maven/io.quarkus:quarkus-keycloak-authorization>=3.3.0<3.3.3
maven/io.quarkus:quarkus-keycloak-authorization>=3.0.0<3.2.6.Final
maven/io.quarkus:quarkus-keycloak-authorization<2.16.11.Final
maven/io.quarkus:quarkus-csrf-reactive>=3.3.0<3.3.3
maven/io.quarkus:quarkus-csrf-reactive>=3.0.0<3.2.6.Final
maven/io.quarkus:quarkus-csrf-reactive<2.16.11.Final
and 25 more
Passwords defined in secrets shown in statefulset yaml
Redhat Jboss A-mq=7
Redhat Jboss Middleware=1
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Enterprise Linux=8.0
Plaintext password in operator log
Redhat Jboss A-mq=7
Redhat Jboss Middleware=1
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Enterprise Linux=8.0
redhat/Red Hat AMQ Broker<7.11.1
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP...
Ovn Open Virtual Network<22.03.3
Ovn Open Virtual Network>=22.03.4<22.09.2
Ovn Open Virtual Network>=22.09.3<22.12.1
Ovn Open Virtual Network>=22.12.2<23.03.1
Ovn Open Virtual Network>=23.03.2<23.06.1
Redhat Openshift Container Platform=4.0
and 7 more
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Redhat Openshift Container Platform=4.10
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Openshift Container Platform For Linuxone=4.10
Redhat Openshift Container Platform For Linuxone=4.11
Redhat Openshift Container Platform For Power=4.10
and 10 more
OutOfMemoryError due to @MultipartConfig handling
redhat/undertow<2.2.24
Redhat Undertow<2.2.24
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Openshift Container Platform For Ibm Linuxone=4.9
Redhat Openshift Container Platform For Ibm Linuxone=4.10
and 10 more
Client access via device auth request spoof
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el9
maven/org.keycloak:keycloak-server-spi-private<21.1.2
maven/org.keycloak:keycloak-services<21.1.2
Redhat Single Sign-on=7.6
and 13 more
When a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. A client that possesses a proper certificate can...
maven/org.keycloak:keycloak-services<21.1.2
Redhat Keycloak
Redhat Openshift Container Platform=4.9
Redhat Openshift Container Platform=4.10
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
and 5 more
Impact: Systems that run `distribution` built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious `/v2/_catalog` API endpoint...
IETF HTTP/2
Redhat Openshift Container Platform=4.0
Microsoft Windows Server 2022
go/github.com/docker/distribution<2.8.2-beta.1
debian/docker-registry<=2.6.2~ds1-2
ubuntu/docker-registry<2.8.2+
and 9 more
redhat/openshift<0:4.10.0-202308291228.p0.g26fdcdf.assembly.stream.el7
redhat/openshift<0:4.11.0-202307200925.p0.ga9da4a8.assembly.stream.el8
redhat/openshift<0:4.12.0-202307040929.p0.g1485cc9.assembly.stream.el9
redhat/openshift<0:4.13.0-202307132344.p0.gf245ced.assembly.stream.el9
Kubernetes Kube-apiserver
Redhat Openshift Container Platform=4.10
and 5 more
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to `libcontainer/rootfs_linux.go`. To exploit this, an attacker must be able to spawn two contai...
go/github.com/opencontainers/runc>=1.0.0-rc95<1.1.5
ubuntu/runc<1.1.4-0ubuntu1~18.04.2
ubuntu/runc<1.1.4-0ubuntu1~20.04.3
ubuntu/runc<1.1.4-0ubuntu1~22.04.3
ubuntu/runc<1.1.4-0ubuntu3.1
ubuntu/runc<1.1.4-0ubuntu1~22.10.3
and 8 more
Infinite loop in SslConduit during close
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el8ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el8ea
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el9ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el9ea
and 39 more
Keycloak's OpenID Connect user authentication was found to incorrectly authenticate requests. An authenticated attacker who could also obtain a certain piece of info from a user request, from a victim...
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el9
maven/org.keycloak:keycloak-services<21.0.1
Redhat Keycloak<18.0.6
Redhat Single Sign-on<7.6.2
and 10 more
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function `ClientSecretMatches/CheckClientSecret`. The manipulation of the argument secret leads to ...
go/github.com/openshift/osin<1.0.2-0.20210113124101-8612686d6dda
Redhat Openshift Container Platform=4.0
Redhat Openshift Osin=1.0.0
Redhat Openshift Osin=1.0.1
and 1 more
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious...
redhat/haproxy<0:2.4.17-3.el9_1.2
redhat/haproxy<0:2.4.7-2.el9_0.2
redhat/haproxy<0:2.2.19-3.el8
redhat/haproxy<0:2.2.24-2.el8
redhat/haproxy<0:2.2.24-3.rhaos4.13.el8
redhat/haproxy<0:2.2.15-6.el8
and 24 more
AssertionConsumerServiceURL is a Java implementation for SAML Service Providers (org.keycloak.protocol.saml). Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Assertion...
Redhat Keycloak<21.1.2
Redhat Single Sign-on>=7.6<7.6.4
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Single Sign-on
and 7 more
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.
Redhat Openshift Container Platform=4.0
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to de...
Redhat Single Sign-on=7.0
Redhat Openshift Container Platform=4.9
Redhat Openshift Container Platform=4.10
Redhat Openshift Container Platform For Ibm Z=4.9
Redhat Openshift Container Platform For Ibm Z=4.10
Redhat Openshift Container Platform For Linuxone=4.9
and 5 more
An issue was discovered in Keycloak when using a client with the `offline_access` scope. Reuse of session ids across root and user authentication sessions and a lack of root session validation enabled...
maven/org.keycloak:keycloak-parent<=19.0.2
Redhat Keycloak<20.0.2
Redhat Single Sign-on
Redhat Single Sign-on=7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 15 more
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel ...
debian/openvswitch<=2.15.0+ds1-2<=3.1.0-1
Cloudbase Open Vswitch>=1.5.0<2.13.11
Cloudbase Open Vswitch>=2.14.0<2.14.9
Cloudbase Open Vswitch>=2.15.0<2.15.8
Cloudbase Open Vswitch>=2.16.0<2.16.7
Cloudbase Open Vswitch>=2.17.0<2.17.6
and 22 more
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platfo...
IBM Robotic Process Automation for Cloud Pak<21.0.6
Redhat Openshift Container Platform
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect versio...
redhat/cri-o<0:1.25.1-5.rhaos4.12.git6005903.el8
Kubernetes CRI-O
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.12
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to t...
redhat/buildah<1:1.27.0-2.el9
redhat/podman<2:4.2.0-7.el9_1
redhat/buildah<1:1.29.1-1.rhaos4.13.el9
Buildah Project Buildah<1.27.1
Redhat Openshift Container Platform=4.0
Redhat Enterprise Linux=7.0
and 3 more
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to th...
redhat/buildah<1:1.27.0-2.el9
redhat/podman<2:4.2.0-7.el9_1
Podman Project Podman
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.0
Redhat Enterprise Linux=7.0
and 6 more
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
redhat/dpdk<21.11
redhat/dpdk<20.11
redhat/dpdk<19.11
redhat/openvswitch2.11<0:2.11.3-96.2.el7fd
redhat/openvswitch2.16<0:2.16.0-89.2.el8fd
redhat/openvswitch2.17<0:2.17.0-37.3.el8fd
and 25 more
Description: An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands...
redhat/cri-o<1.24.1
redhat/cri-o<1.23.3
redhat/cri-o<1.22.5
redhat/cri-o<1.21.8
redhat/cri-o<1.20.8
redhat/cri-o<1.19.7
and 25 more
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the I...
redhat/ignition<0:2.14.0-1.el9
redhat/ignition<0:2.14.0-3.rhaos4.11.el8
Redhat Ignition<2.14.0
Redhat Openshift Container Platform=4.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=34
and 2 more
A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA seems to skip internal Service TLS certificate validation, errorless serving content even if target Service cer...
Redhat Ansible Automation Platform=2.0
Redhat Openshift Container Platform=4.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. Thi...
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.6
Redhat Openshift Container Platform=4.7
Redhat Openshift Container Platform=4.8
Redhat Openshift Container Platform=4.9
Redhat Openshift Container Platform=4.10
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other a...
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el9
Redhat Keycloak<20.0.5
Redhat Single Sign-on
Redhat Single Sign-on>=7.6<7.6.2
and 32 more
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
Redhat Advanced Cluster Management For Kubernetes=2.0
Redhat Openshift Container Platform=4.0
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with ...
Crun Project Crun<1.4.4
Fedoraproject Fedora=34
Redhat Openshift Container Platform=4.0
Redhat Enterprise Linux=8.0
redhat/crun<1.4.4
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non...
redhat/cri-o<0:1.23.2-8.rhaos4.10.git8ad5d25.el8
redhat/cri-o<0:1.22.5-7.rhaos4.9.git3dbcd3c.el7
Kubernetes CRI-O
Fedoraproject Fedora=35
Mobyproject Moby<20.10.14
Redhat Openshift Container Platform=3.11
and 1 more
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly w...
Podman Project Podman<4.0.3
Redhat Developer Tools=1.0
Redhat Openshift Container Platform=4.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.6
Redhat Enterprise Linux Eus=8.4
and 18 more
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quo...
Openstack Oslo.utils<4.10.1
Openstack Oslo.utils=4.12.0
Redhat Openshift Container Platform=4.0
Redhat Openstack Platform=16.1
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 4 more
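The python-oslo-utils entry above describes a masking routine that stops at the first double quote, so everything after an embedded `"` in the password reaches the debug log. The following is an added example, not the oslo.utils code: it reproduces that failure on a constructed JSON log body, shows the regex corrected to honour JSON escapes, and shows masking by key on the parsed structure, which does not depend on quoting rules at all. The key list and the sample body are assumptions made for the example.

```python
"""Masking a password in a debug-log body: a regex that stops at the first
'"' versus one that honours escapes, next to masking the structure itself.

Added illustration for this listing; NOT the oslo.utils code. The log body
and the key list below are constructed for the example.
"""
import json
import re

SENSITIVE_KEYS = ("password", "secret", "token")

# Weak: the value is everything up to the next '"', so an escaped quote inside
# the password ends the match early and the remainder is left in the clear.
_WEAK = [re.compile(r'("%s"\s*:\s*")[^"]*(")' % k) for k in SENSITIVE_KEYS]

# Fixed: a value character is either a non-quote, non-backslash character or a
# backslash followed by anything, which is how a JSON string is tokenised.
_FIXED = [re.compile(r'("%s"\s*:\s*")(?:[^"\\]|\\.)*(")' % k) for k in SENSITIVE_KEYS]


def _apply(patterns, message, secret):
    for pat in patterns:
        message = pat.sub(lambda m: m.group(1) + secret + m.group(2), message)
    return message


def mask_weak(message, secret="***"):
    """Regex masking that breaks on an escaped quote in the value."""
    return _apply(_WEAK, message, secret)


def mask_fixed(message, secret="***"):
    """Regex masking that consumes backslash escapes as part of the value."""
    return _apply(_FIXED, message, secret)


def mask_dict(data, secret="***"):
    """Mask by key on the parsed structure, recursing into nested dicts/lists.
    Doing this before serialising removes the dependency on quoting rules."""
    if isinstance(data, dict):
        return {k: (secret if str(k).lower() in SENSITIVE_KEYS else mask_dict(v, secret))
                for k, v in data.items()}
    if isinstance(data, list):
        return [mask_dict(v, secret) for v in data]
    return data


def mask_body(body, secret="***"):
    """Parse, mask, re-serialise: for log bodies that are JSON."""
    return json.dumps(mask_dict(json.loads(body), secret))


# Constructed request body as it would appear in a debug log. The password is
# p@ss"word123; JSON escapes the embedded quote as \" inside the string.
SAMPLE_BODY = '{"user": "admin", "password": "p@ss\\"word123", "host": "db1"}'

if __name__ == "__main__":
    print("weak :", mask_weak(SAMPLE_BODY))   # tail of the password survives
    print("fixed:", mask_fixed(SAMPLE_BODY))  # whole value replaced
    print("dict :", mask_body(SAMPLE_BODY))   # masked before serialisation
```

The structural approach is the one to prefer where the logger has the object in hand; the corrected regex is the fallback for bodies that only exist as text.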
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages tha...
redhat/dpdk<22.03
redhat/openvswitch2.13<0:2.13.0-180.el8fd
redhat/openvswitch2.15<0:2.15.0-99.el8fd
redhat/openvswitch2.16<0:2.16.0-74.el8fd
Dpdk Data Plane Development Kit>=20.02<22.03
Dpdk Data Plane Development Kit=19.11
and 11 more
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop...
Haproxy Haproxy>=2.2.0<2.2.21
Haproxy Haproxy>=2.3.0<2.3.18
Haproxy Haproxy>=2.4.0<2.4.13
Redhat Openshift Container Platform=4.0
Redhat Software Collections
Redhat Enterprise Linux=7.0
and 8 more
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is a...
redhat/cri-o<0:1.23.0-92.rhaos4.10.gitdaab4d1.el7
redhat/cri-o<0:1.19.5-3.rhaos4.6.git91f8458.el8
redhat/cri-o<0:1.20.6-11.rhaos4.7.git76ea3d0.el8
redhat/cri-o<0:1.21.5-2.rhaos4.8.gitaf64931.el8
redhat/cri-o<0:1.22.2-2.rhaos4.9.gitb030be8.el7
Kubernetes CRI-O<=1.18
and 2 more
Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
redhat/log4j<0:1.2.14-6.5.el6_10
redhat/log4j<0:1.2.17-17.el7_4
redhat/log4j<0:1.2.17-16.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 219 more
Open vSwitch doesn't match packets on nd_target field
Openvswitch Openvswitch<2023-02-28
Redhat Openshift Container Platform=4.0
Redhat Virtualization=4.0
Redhat Enterprise Linux=7.0
Redhat Fast Datapath
and 11 more
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending...
redhat/keycloak-server-spi-private<18.0.0
redhat/rh-sso7-keycloak<0:15.0.4-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.4-1.redhat_00001.1.el8
redhat/redhat-sso<7-sso75-openshift-rhel8
Redhat Keycloak<18.0.0
Redhat Single Sign-on=7.0
and 6 more
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For the attack to succeed, the attacker needs to perform some tri...
debian/grub2
Gnu Grub2>=2.00<2.12
Redhat Developer Tools=1.0
IBM Robotic Process Automation as a Service=3.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.1
and 39 more
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may...
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
Gnu Grub2>=2.00<2.12
and 39 more

© 2024 SecAlerts Pty Ltd.