Latest Red Hat OpenShift Vulnerabilities

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
IBM Robotic Process Automation for Cloud Pak<=23.0.9
IBM Robotic Process Automation<=23.0.9
IBM Robotic Process Automation=23.0.9
IBM Robotic Process Automation for Cloud Pak=23.0.9
Redhat Openshift
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 26347...
IBM Robotic Process Automation<=21.0.0 - 21.0.7.1
IBM Robotic Process Automation for Cloud Pak<=21.0.0 - 21.0.7.1
IBM Robotic Process Automation>=21.0.0<=21.0.7.1
IBM Robotic Process Automation for Cloud Pak>=21.0.0<=21.0.7.1
Redhat Openshift
Microsoft Windows
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
IBM Robotic Process Automation<=21.0.0 - 21.0.7
IBM Robotic Process Automation for Cloud Pak<=21.0.0 - 21.0.7
IBM Robotic Process Automation>=21.0.0<=21.0.7
IBM Robotic Process Automation for Cloud Pak>=21.0.0<=21.0.7
Redhat Openshift
Microsoft Windows
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481....
IBM Robotic Process Automation<=21.0.0 - 21.0.7.1, 23.0.0 - 23.0.1
IBM Robotic Process Automation>=21.0.0<=21.0.7.1
IBM Robotic Process Automation=23.0.0
IBM Robotic Process Automation=23.0.1
Redhat Openshift
Microsoft Windows
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 26229...
IBM Robotic Process Automation<=21.0.0 - 21.0.7.3, 23.0.0 - 23.0.3
IBM Robotic Process Automation>=21.0.0<=21.0.7.3
IBM Robotic Process Automation>=23.0.0<=23.0.3
Redhat Openshift
Microsoft Windows
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force...
IBM Robotic Process Automation<=21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6
IBM Robotic Process Automation for Cloud Pak<=21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6
IBM Robotic Process Automation as a Service<=21.0.0 - 21.0.7.6, 23.0.0 - 23.0.6
IBM Robotic Process Automation>=21.0.0<=21.0.7.6
IBM Robotic Process Automation>=23.0.0<=23.0.6
IBM Robotic Process Automation as a Service>=21.0.0<=21.0.7.6
and 4 more
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabil...
IBM Robotic Process Automation<=<= 21.0.7.4, 23.0.0 - 23.0.5
IBM Robotic Process Automation for Cloud Pak<=<= 21.0.7.4, 23.0.0 - 23.0.5
IBM Robotic Process Automation as a Service<=<= 21.0.7.4, 23.0.0 - 23.0.5
IBM Robotic Process Automation<=21.0.7.4
IBM Robotic Process Automation>=23.0.0<=23.0.5
IBM Robotic Process Automation as a Service<=21.0.7.4
and 5 more
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of ser...
IBM Watson CP4D Data Stores<=All
IBM Cloud Pak for Data=4.6.0
IBM Watson CP4D Data Stores
Redhat Openshift
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a clus...
IBM Robotic Process Automation for Cloud Pak<=21.0.1-21.0.7.3, 23.0.0 - 23.0.3
IBM Robotic Process Automation>=21.0.1<=21.0.7.3
IBM Robotic Process Automation>=23.0.0<=23.0.3
Redhat Openshift
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges....
IBM Robotic Process Automation for Cloud Pak<=21.0.1-21.0.7.3, 23.0.0 - 23.0.3
IBM Robotic Process Automation>=21.0.1<=21.0.7.3
IBM Robotic Process Automation>=23.0.0<=23.0.3
Redhat Openshift
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232...
IBM Cloud Pak for Data=4.5
IBM Cloud Pak for Data=4.6
Redhat Openshift
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials...
IBM App Connect Enterprise Certified Container<=4.1
IBM App Connect Enterprise Certified Container<=4.2
IBM App Connect Enterprise Certified Container<=5.0-lts
IBM App Connect Enterprise Certified Container<=5.1
IBM App Connect Enterprise Certified Container<=5.2
IBM App Connect Enterprise Certified Container<=6.0
and 13 more
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, mod...
IBM Watson Knowledge Catalog on-prem<=4.5.x
IBM Watson Knowledge Catalog on Cloud Pak for Data=4.5.0
Redhat Openshift
The Birthday attack against 64-bit block ciphers (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the et...
redhat/etcd<3.6.0
Redhat Openshift=4.11
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they cont...
redhat/microshift<0:4.12.6-202303012057.p0.g50997a2.assembly.4.12.6.el8
redhat/openshift<0:4.13.0-202304211155.p0.gb404935.assembly.stream.el9
Redhat Openshift=4.11
Redhat Openshift=4.12
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
IBM Robotic Process Automation for Cloud Pak<=< 21.0.5
IBM Robotic Process Automation for Cloud Pak>=21.0.1<21.0.5
Redhat Openshift
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alterin...
IBM Robotic Process Automation<=21.0.0 - 21.0.7.1, 23.0.0 - 23.0.1
IBM Robotic Process Automation for Cloud Pak<=21.0.0 - 21.0.7.1, 23.0.0 - 23.0.1
IBM Robotic Process Automation as a Service<=< 23.0.2
IBM Robotic Process Automation<21.0.5
IBM Robotic Process Automation as a Service<21.0.5
IBM Robotic Process Automation for Cloud Pak<21.0.5
and 2 more
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive inf...
IBM Robotic Process Automation<=< 21.0.3
IBM Robotic Process Automation for Cloud Pak<=< 21.0.3
IBM Robotic Process Automation as a Service<=< 21.0.3
IBM Robotic Process Automation<21.0.3
IBM Robotic Process Automation as a Service<21.0.3
IBM Robotic Process Automation for Cloud Pak<21.0.3
and 2 more
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.
IBM Robotic Process Automation for Cloud Pak<=< 21.0.7
IBM Robotic Process Automation<=< 21.0.7
IBM Robotic Process Automation as a Service<=< 21.0.7
IBM Robotic Process Automation<21.0.7
IBM Robotic Process Automation as a Service<21.0.7
IBM Robotic Process Automation for Cloud Pak<21.0.7
and 2 more
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.
IBM Robotic Process Automation for Cloud Pak<=< 21.0.7
IBM Robotic Process Automation<=< 21.0.7
IBM Robotic Process Automation<21.0.7
IBM Robotic Process Automation for Cloud Pak<21.0.7
Redhat Openshift
Microsoft Windows
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM...
IBM App Connect Enterprise Certified Container<=4.1
IBM App Connect Enterprise Certified Container<=4.2
IBM App Connect Enterprise Certified Container<=5.0-lts
IBM App Connect Enterprise Certified Container<=5.1
IBM App Connect Enterprise Certified Container<=5.2
IBM App Connect Enterprise Certified Container<=6.0
and 11 more
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA ...
IBM Robotic Process Automation for Cloud Pak<=< 21.0.3.1
IBM Robotic Process Automation for Cloud Pak>=20.12<21.0.3.1
Redhat Openshift
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
Redhat Openshift=1.0
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
Redhat Openshift=1.0
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with ...
Redhat Openshift=4.9
Description of the problem: The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Clickjacking, also known as a 'UI redress attack', is when an attacke...
Redhat Openshift=4.9
Description of problem: HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported br...
redhat/openshift<0:4.12.0-202301042257.p0.g77bec7a.assembly.stream.el9
redhat/openshift<0:4.13.0-202304211155.p0.gb404935.assembly.stream.el8
Redhat Openshift=4.9
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to an...
Redhat Openshift>=4.9
It was found that the original fix for log4j CVE-2021-44228 and CVE-...
Redhat Openshift>=4.6.0<4.6.52
Redhat Openshift>=4.7.0<4.7.40
Redhat Openshift>=4.8.0<4.8.24
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.
Redhat Openshift=4.9
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the sy...
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
IBM Cloud Pak for Security=1.7.0.0
IBM Cloud Pak for Security=1.7.1.0
IBM Cloud Pak for Security=1.7.2.0
and 1 more
IBM Cloud Pak - Risk Manager stores user credentials in plain clear text which can be read by an authenticated privileged user.
IBM Security Risk Manager on CP4S<=CP4S 1.7.2.0
IBM Security Risk Manager on CP4S=1.7.2.0
Redhat Openshift
IBM Cloud Pak - Risk Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...
IBM Security Risk Manager on CP4S<=CP4S 1.7.0.0
IBM Security Risk Manager on CP4S=1.7.0.0
Redhat Openshift
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to clou...
IBM App Connect Enterprise Certified Container<=1.0 with Operator
IBM App Connect Enterprise Certified Container<=1.1 with Operator
IBM App Connect Enterprise Certified Container<=1.2 with Operator
IBM App Connect Enterprise Certified Container<=1.3 with Operator
IBM App Connect Enterprise Certified Container<=1.4 with Operator
IBM App Connect Enterprise Certified Container<=1.5 with Operator
and 7 more
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-...
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
IBM Cloud Pak for Security=1.7.0.0
IBM Cloud Pak for Security=1.7.1.0
IBM Cloud Pak for Security=1.7.2.0
and 1 more
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199...
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
IBM Cloud Pak for Security=1.7.0.0
IBM Cloud Pak for Security=1.7.1.0
IBM Cloud Pak for Security=1.7.2.0
and 1 more
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in the heap. For a successful attack to be performed the attacker needs to perform some tri...
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
and 39 more
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may...
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
and 40 more
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and...
debian/grub2
redhat/grub2<1:2.02-123.el8_6.8
redhat/grub2<1:2.02-87.el8_1.10
redhat/grub2<1:2.02-87.el8_2.10
redhat/grub2<1:2.02-99.el8_4.9
redhat/grub2<1:2.06-27.el9_0.7
and 41 more
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into ...
redhat/openshift<0:4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7
redhat/openshift<4.8
Redhat Openshift<4.8
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local a...
Redhat Openshift<4.7.0
Redhat Openshift=4.7.0
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which...
Redhat Ceph Storage=4.0
Redhat Openshift=4.2
Redhat Openstack=15
Linuxfoundation Ceph<14.2.21
Fedoraproject Fedora=31
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and esca...
Redhat Openshift=3.11
Redhat Openshift=4.0
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS att...
redhat/openshift/console<4
Redhat Openshift<4.0
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
Redhat Openshift=1.0
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postg...
Redhat Openshift>=4.0<4.3
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediaw...
Redhat Openshift>=4.0<4.3
Redhat Openshift=3.11
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An atta...
redhat/openshift-enterprise-mariadb-apb 4.3.5<202003020549
redhat/openshift-enterprise-mariadb-apb 4.2.21<202002240343
redhat/openshift-enterprise-mariadb-apb 4.1.37<202003021622
redhat/openshift-enterprise-mariadb-apb 3.11.188<4
Redhat Openshift<3.11.188-4
Redhat Openshift>=4.0.0<4.1.37
and 2 more
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the contain...
Redhat Openshift=4.0
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container co...
Redhat Openshift=3.11
Redhat Openshift=4.0
