Latest Red Hat OpenShift Container Platform for LinuxONE Vulnerabilities

Keycloak: redirect_uri validation bypass
maven/org.keycloak:keycloak-services<23.0.3
Redhat Keycloak<22.0.7
Redhat Single Sign-on
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Openshift Container Platform For Ibm Z=4.9
and 12 more
Python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds
Redhat Openshift Container Platform For Arm64=4.12
Redhat Openshift Container Platform For Linuxone=4.12
Redhat Openshift Container Platform For Power=4.12
Redhat Openshift Container Platform Ibm Z Systems=4.12
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 2 more
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Redhat Openshift Container Platform=4.10
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Openshift Container Platform For Linuxone=4.10
Redhat Openshift Container Platform For Linuxone=4.11
Redhat Openshift Container Platform For Power=4.10
and 10 more
Keycloak: client access via device auth request spoof
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el9
maven/org.keycloak:keycloak-server-spi-private<21.1.2
maven/org.keycloak:keycloak-services<21.1.2
Redhat Single Sign-on=7.6
and 13 more
Undertow: infinite loop in sslconduit during close
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el8ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el8ea
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el9ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el9ea
and 54 more
CRI-O: /etc/passwd tampering privesc
redhat/cri-o<0:1.24.4-10.rhaos4.11.git1ed5ac5.el8
redhat/cri-o<0:1.25.2-10.rhaos4.12.git0a083f9.el8
Kubernetes CRI-O
Redhat Openshift Container Platform For Arm64=4.12
Redhat Openshift Container Platform For Linuxone=4.12
Redhat Openshift Container Platform For Power=4.12
and 45 more
Rhsso-container-image: unsecured management interface exposed to adjacent network
Redhat Single Sign-on=7.0
Redhat Openshift Container Platform=4.9
Redhat Openshift Container Platform=4.10
Redhat Openshift Container Platform For Ibm Z=4.9
Redhat Openshift Container Platform For Ibm Z=4.10
Redhat Openshift Container Platform For Linuxone=4.9
and 5 more
Keycloak: session takeover with OIDC offline refresh tokens
maven/org.keycloak:keycloak-parent<=19.0.2
Redhat Keycloak<20.0.2
Redhat Single Sign-on
Redhat Single Sign-on=7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 15 more
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications tha...
redhat/skopeo<1:0.1.40-7.el7_8
redhat/buildah<0:1.11.6-8.el7_8
redhat/docker<2:1.13.1-161.git64e9980.el7_8
redhat/podman<0:1.6.4-18.el7_8
redhat/atomic-openshift<0:3.11.248-1.git.0.92ee8ac.el7
redhat/skopeo<1:0.1.32-6.git1715c90.el8_0
and 29 more

© 2024 SecAlerts Pty Ltd.