VYPR

OpenShift

by Red Hat

CVEs (144)

  • CVE-2022-3259 (Dec 9, 2022)
    risk 0.00 cvss epss 0.01

    OpenShift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks.

  • CVE-2022-3262 (Dec 8, 2022)
    risk 0.00 cvss epss 0.01

    A flaw was found in OpenShift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.

  • CVE-2022-3260 (Dec 8, 2022)
    risk 0.00 cvss epss 0.00

    The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.

  • CVE-2013-4281 (Oct 19, 2022)
    risk 0.00 cvss epss 0.00

    In Red Hat OpenShift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

  • CVE-2013-4253 (Oct 19, 2022)
    risk 0.00 cvss epss 0.01

    The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat OpenShift 1, installs a default public key in the root user's authorized_keys file.

  • CVE-2022-2403 (Sep 1, 2022)
    risk 0.00 cvss epss 0.00

    A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could…

  • CVE-2022-1677 (Sep 1, 2022)
    risk 0.00 cvss epss 0.00

    In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the…

  • CVE-2022-1632 (Sep 1, 2022)
    risk 0.00 cvss epss 0.00

    An Improper Certificate Validation attack was found in OpenShift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting…

  • CVE-2013-4561 (Jun 30, 2022)
    risk 0.00 cvss epss 0.01

    In an OpenShift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.

  • CVE-2021-4047 (Apr 11, 2022)
    risk 0.00 cvss epss 0.01

    The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package; however, the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.

  • CVE-2021-3636 (Jul 30, 2021)
    risk 0.00 cvss epss 0.00

    It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that…

  • CVE-2020-35514 (Jun 2, 2021)
    risk 0.00 cvss epss 0.00

    An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own…

  • CVE-2020-14336 (Jun 2, 2021)
    risk 0.00 cvss epss 0.01

    A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat…

  • CVE-2019-19354 (Mar 24, 2021)
    risk 0.00 cvss epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

  • CVE-2019-19353 (Mar 24, 2021)
    risk 0.00 cvss epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

  • CVE-2019-19352 (Mar 24, 2021)
    risk 0.00 cvss epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

  • CVE-2019-19350 (Mar 24, 2021)
    risk 0.00 cvss epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat OpenShift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

  • CVE-2019-19349 (Mar 24, 2021)
    risk 0.00 cvss epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat OpenShift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

  • CVE-2021-3344 (Mar 16, 2021)
    risk 0.00 cvss epss 0.01

    A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use…

  • CVE-2021-20182 (Feb 23, 2021)
    risk 0.00 cvss epss 0.01

    A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the…