Latest Red Hat OpenShift Container Platform for Power vulnerabilities

Keycloak: offline session token DoS
Redhat Keycloak<21.0.0
Redhat Single Sign-on=7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Single Sign-on
and 11 more
Keycloak: redirect_uri validation bypass
maven/org.keycloak:keycloak-services<23.0.3
Redhat Keycloak<22.0.7
Redhat Single Sign-on
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Openshift Container Platform For Ibm Z=4.9
and 12 more
Keycloak: reflected XSS via wildcard in OIDC redirect_uri
maven/org.keycloak:keycloak-services<23.0.3
Redhat Single Sign-on<7.6.6
Redhat Keycloak<22.0.7
Redhat Single Sign-on<7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 11 more
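The two Keycloak entries above both concern redirect_uri validation. The following is an added illustration, not Keycloak's or Red Hat's code and not the specific bug in either advisory: it contrasts a naive wildcard registration (where `*` matches any path and fragment, so attacker-chosen characters pass through to the redirect target) with exact-string matching against a registered set, which is what the OAuth 2.0 Security BCP recommends. The registered URIs and sample redirect_uri values are constructed for the example.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed client registration for the example (not a real Keycloak client).
WILDCARD_REGISTERED = ["https://app.example.com/*"]
EXACT_REGISTERED = {"https://app.example.com/callback"}


def wildcard_allows(redirect_uri: str) -> bool:
    """Weak policy: '*' matches any sequence, including '/', '<', '>' and '#'.

    A single wildcard registration accepts every path and fragment under the
    host, so whatever the attacker places in redirect_uri is sent back to the
    browser unchanged in the authorization response.
    """
    return any(fnmatchcase(redirect_uri, p) for p in WILDCARD_REGISTERED)


def strict_allows(redirect_uri: str) -> bool:
    """Hardened policy: https only, no fragment, exact string match."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.fragment:
        return False
    return redirect_uri in EXACT_REGISTERED


# Constructed sample redirect_uri values: one legitimate, two attacker-shaped.
SAMPLES = {
    "legit": "https://app.example.com/callback",
    "path_payload": "https://app.example.com/<script>alert(1)</script>",
    "fragment_payload": "https://app.example.com/callback#<img src=x onerror=alert(1)>",
}


def evaluate(redirect_uri: str) -> dict:
    """Return the decision of both policies for one redirect_uri."""
    return {
        "wildcard": wildcard_allows(redirect_uri),
        "strict": strict_allows(redirect_uri),
    }


if __name__ == "__main__":
    for name, uri in SAMPLES.items():
        print(f"{name:18} {evaluate(uri)}")
```

When reviewing a Keycloak client, look for `*` in "Valid Redirect URIs"; the practical fix is to replace each wildcard entry with the full list of exact callback URLs the application uses.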
Python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds
Redhat Openshift Container Platform For Arm64=4.12
Redhat Openshift Container Platform For Linuxone=4.12
Redhat Openshift Container Platform For Power=4.12
Redhat Openshift Container Platform Ibm Z Systems=4.12
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 2 more
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
Redhat Openshift Container Platform=4.10
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Openshift Container Platform For Linuxone=4.10
Redhat Openshift Container Platform For Linuxone=4.11
Redhat Openshift Container Platform For Power=4.10
and 10 more
Undertow: OutOfMemoryError due to @MultipartConfig handling
Redhat Undertow<2.2.24
Redhat Openshift Container Platform=4.11
Redhat Openshift Container Platform=4.12
Redhat Openshift Container Platform For Ibm Linuxone=4.9
Redhat Openshift Container Platform For Ibm Linuxone=4.10
Redhat Openshift Container Platform For Power=4.9
and 43 more
Keycloak: client access via device auth request spoof
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.8-1.redhat_00001.1.el9
maven/org.keycloak:keycloak-server-spi-private<21.1.2
maven/org.keycloak:keycloak-services<21.1.2
Redhat Single Sign-on=7.6
and 13 more
Undertow: infinite loop in SslConduit during close
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el8ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el8ea
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el9ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el9ea
and 54 more
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious...
redhat/haproxy<0:2.4.17-3.el9_1.2
redhat/haproxy<0:2.4.7-2.el9_0.2
redhat/haproxy<0:2.2.19-3.el8
redhat/haproxy<0:2.2.24-2.el8
redhat/haproxy<0:2.2.24-3.rhaos4.13.el8
redhat/haproxy<0:2.2.15-6.el8
and 24 more
CRI-O: /etc/passwd tampering privilege escalation
redhat/cri-o<0:1.24.4-10.rhaos4.11.git1ed5ac5.el8
redhat/cri-o<0:1.25.2-10.rhaos4.12.git0a083f9.el8
Kubernetes CRI-O
Redhat Openshift Container Platform For Arm64=4.12
Redhat Openshift Container Platform For Linuxone=4.12
Redhat Openshift Container Platform For Power=4.12
and 45 more
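Several entries above (rh-sso7-keycloak, eap7-undertow, haproxy, cri-o) give their fixed versions as RPM EVR strings such as `0:2.2.24-3.rhaos4.13.el8`. Deciding whether an installed build is patched requires RPM's own label ordering, not string or float comparison. The block below is an added example, not code from this page or from Red Hat: a pure-Python reimplementation of rpm's `rpmvercmp` segment walk, an EVR comparison on top of it, and a check of a constructed inventory against fixed versions copied from the entries above. The stream labels used as dictionary keys are an assumption for the example; a package must be compared against the fixed build of its own stream (dist tag and OpenShift release), since each entry lists one fixed version per stream.

```python
def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a <, ==, > b under RPM label ordering.

    Mirrors rpm's algorithm: walk alternating numeric/alpha segments, ignore
    separators, strip leading zeros, numeric beats alpha, '~' sorts before
    everything (even end of string), '^' sorts after end of string.
    """
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        a_tilde, b_tilde = i < la and a[i] == "~", j < lb and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        a_caret, b_caret = i < la and a[i] == "^", j < lb and b[j] == "^"
        if a_caret or b_caret:
            if i >= la:
                return -1
            if j >= lb:
                return 1
            if not a_caret:
                return 1
            if not b_caret:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= la or j >= lb:
            break
        si, sj = i, j
        isnum = a[i].isdigit()
        if isnum:
            while i < la and a[i].isdigit():
                i += 1
            while j < lb and b[j].isdigit():
                j += 1
        else:
            while i < la and a[i].isalpha():
                i += 1
            while j < lb and b[j].isalpha():
                j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:  # segment types differ: the numeric side is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def parse_evr(evr: str) -> tuple:
    """Split '[epoch:]version-release' into (int epoch, version, release)."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e) if e else 0
    version, release = evr.rsplit("-", 1) if "-" in evr else (evr, "")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_patched(installed: str, fixed: str) -> bool:
    """True when the installed EVR is at or above the fixed EVR."""
    return evr_cmp(installed, fixed) >= 0


# Fixed EVRs copied from the entries above, keyed by an assumed stream label.
FIXED = {
    "haproxy/rhaos4.13.el8": "0:2.2.24-3.rhaos4.13.el8",
    "cri-o/rhaos4.12.el8": "0:1.25.2-10.rhaos4.12.git0a083f9.el8",
    "rh-sso7-keycloak/el8": "0:18.0.8-1.redhat_00001.1.el8",
}

# Constructed inventory (stream, installed EVR), as produced by e.g.
#   rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' haproxy
INVENTORY = [
    ("haproxy/rhaos4.13.el8", "0:2.2.24-2.rhaos4.13.el8"),
    ("haproxy/rhaos4.13.el8", "0:2.2.24-3.rhaos4.13.el8"),
    ("cri-o/rhaos4.12.el8", "0:1.25.2-9.rhaos4.12.gitabcdef0.el8"),
    ("cri-o/rhaos4.12.el8", "0:1.25.3-1.rhaos4.12.gitabcdef0.el8"),
    ("rh-sso7-keycloak/el8", "0:18.0.8-1.redhat_00001.1.el8"),
]


def audit(inventory=INVENTORY, fixed=FIXED) -> dict:
    """Map each installed EVR to True (patched) or False (still vulnerable)."""
    return {evr: is_patched(evr, fixed[stream]) for stream, evr in inventory}


if __name__ == "__main__":
    for evr, ok in audit().items():
        print(f"{'patched   ' if ok else 'VULNERABLE'} {evr}")
```

The release field matters as much as the version: `2.2.24-2.rhaos4.13.el8` and `2.2.24-3.rhaos4.13.el8` carry the same upstream version, and only the latter contains the fix.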
AssertionConsumerServiceURL is a Java implementation for SAML Service Providers (org.keycloak.protocol.saml). Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Assertion...
Redhat Keycloak<21.1.2
Redhat Single Sign-on>=7.6<7.6.4
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Redhat Single Sign-on
and 7 more
Rhsso-container-image: unsecured management interface exposed to adjacent network
Redhat Single Sign-on=7.0
Redhat Openshift Container Platform=4.9
Redhat Openshift Container Platform=4.10
Redhat Openshift Container Platform For Ibm Z=4.9
Redhat Openshift Container Platform For Ibm Z=4.10
Redhat Openshift Container Platform For Linuxone=4.9
and 5 more
Keycloak: session takeover with OIDC offline refresh tokens
maven/org.keycloak:keycloak-parent<=19.0.2
Redhat Keycloak<20.0.2
Redhat Single Sign-on
Redhat Single Sign-on=7.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 15 more

Contact

SecAlerts Pty Ltd.
info@secalerts.co

© 2024 SecAlerts Pty Ltd.