VYPR

OpenShift Container Platform

by Red Hat

CVEs (82)

  • CVE-2022-3248 | Oct 5, 2023
    risk 0.00 | cvss | epss 0.00

    A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

  • CVE-2023-3153 | Oct 4, 2023
    risk 0.00 | cvss | epss 0.01

    A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

  • CVE-2022-4318 | Sep 25, 2023
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

  • CVE-2022-3466 | Sep 15, 2023
    risk 0.00 | cvss | epss 0.00

    The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in…

  • CVE-2023-3089 | Jul 5, 2023
    risk 0.00 | cvss | epss 0.00

    A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

  • CVE-2022-2403 | Sep 1, 2022
    risk 0.00 | cvss | epss 0.00

    A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could…

  • CVE-2022-1677 | Sep 1, 2022
    risk 0.00 | cvss | epss 0.00

    In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the…

  • CVE-2021-20238 | Apr 1, 2022
    risk 0.00 | cvss | epss 0.01

    It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include…

  • CVE-2020-14336 | Jun 2, 2021
    risk 0.00 | cvss | epss 0.01

    A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat…

  • CVE-2019-19350 | Mar 24, 2021
    risk 0.00 | cvss | epss 0.00

    An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat OpenShift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

  • CVE-2019-10200 | Mar 19, 2021
    risk 0.00 | cvss | epss 0.01

    A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials…

  • CVE-2019-10225 | Mar 19, 2021
    risk 0.00 | cvss | epss 0.01

    A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of…

  • CVE-2020-10706 | May 12, 2020
    risk 0.00 | cvss | epss 0.00

    A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into…

  • CVE-2020-1741 | Apr 24, 2020
    risk 0.00 | cvss | epss 0.01

    A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the OpenShift console, could…

  • CVE-2020-10712 | Apr 22, 2020
    risk 0.00 | cvss | epss 0.01

    A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator, allowing an attacker able to gain access to those logs to read and write to the storage backing the internal image registry. The…

  • CVE-2019-14819 | Jan 7, 2020
    risk 0.00 | cvss | epss 0.01

    A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges…

  • CVE-2019-10176 | Aug 2, 2019
    risk 0.00 | cvss | epss 0.01

    A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use…

  • CVE-2019-10165 | Jul 30, 2019
    risk 0.00 | cvss | epss 0.00

    OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

  • CVE-2019-3889 | Jul 11, 2019
    risk 0.00 | cvss | epss 0.01

    A reflected XSS vulnerability exists in the authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to…

  • CVE-2019-10150 | Jun 12, 2019
    risk 0.00 | cvss | epss 0.01

    It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH host key checking when using SSH key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
