Openshift Container Platform
by Red Hat
CVEs (82)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3248 | 0.00 | — | 0.00 | Oct 5, 2023 | A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. | |||
| CVE-2023-3153 | 0.00 | — | 0.01 | Oct 4, 2023 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | |||
| CVE-2022-4318 | 0.00 | — | 0.00 | Sep 25, 2023 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | |||
| CVE-2022-3466 | 0.00 | — | 0.00 | Sep 15, 2023 | The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in… | |||
| CVE-2023-3089 | 0.00 | — | 0.00 | Jul 5, 2023 | A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | |||
| CVE-2022-2403 | 0.00 | — | 0.00 | Sep 1, 2022 | A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could… | |||
| CVE-2022-1677 | 0.00 | — | 0.00 | Sep 1, 2022 | In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the… | |||
| CVE-2021-20238 | 0.00 | — | 0.01 | Apr 1, 2022 | It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include… | |||
| CVE-2020-14336 | 0.00 | — | 0.01 | Jun 2, 2021 | A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat… | |||
| CVE-2019-19350 | 0.00 | — | 0.00 | Mar 24, 2021 | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||
| CVE-2019-10200 | 0.00 | — | 0.01 | Mar 19, 2021 | A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials… | |||
| CVE-2019-10225 | 0.00 | — | 0.01 | Mar 19, 2021 | A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of… | |||
| CVE-2020-10706 | 0.00 | — | 0.00 | May 12, 2020 | A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into… | |||
| CVE-2020-1741 | 0.00 | — | 0.01 | Apr 24, 2020 | A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could… | |||
| CVE-2020-10712 | 0.00 | — | 0.01 | Apr 22, 2020 | A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The… | |||
| CVE-2019-14819 | 0.00 | — | 0.01 | Jan 7, 2020 | A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges… | |||
| CVE-2019-10176 | 0.00 | — | 0.01 | Aug 2, 2019 | A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use… | |||
| CVE-2019-10165 | 0.00 | — | 0.00 | Jul 30, 2019 | OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. | |||
| CVE-2019-3889 | 0.00 | — | 0.01 | Jul 11, 2019 | A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to… | |||
| CVE-2019-10150 | 0.00 | — | 0.01 | Jun 12, 2019 | It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. |
- CVE-2022-3248Oct 5, 2023risk 0.00cvss —epss 0.00
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.
- CVE-2023-3153Oct 4, 2023risk 0.00cvss —epss 0.01
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
- CVE-2022-4318Sep 25, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
- CVE-2022-3466Sep 15, 2023risk 0.00cvss —epss 0.00
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in…
- CVE-2023-3089Jul 5, 2023risk 0.00cvss —epss 0.00
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
- CVE-2022-2403Sep 1, 2022risk 0.00cvss —epss 0.00
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could…
- CVE-2022-1677Sep 1, 2022risk 0.00cvss —epss 0.00
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the…
- CVE-2021-20238Apr 1, 2022risk 0.00cvss —epss 0.01
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include…
- CVE-2020-14336Jun 2, 2021risk 0.00cvss —epss 0.01
A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat…
- CVE-2019-19350Mar 24, 2021risk 0.00cvss —epss 0.00
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
- CVE-2019-10200Mar 19, 2021risk 0.00cvss —epss 0.01
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials…
- CVE-2019-10225Mar 19, 2021risk 0.00cvss —epss 0.01
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of…
- CVE-2020-10706May 12, 2020risk 0.00cvss —epss 0.00
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into…
- CVE-2020-1741Apr 24, 2020risk 0.00cvss —epss 0.01
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could…
- CVE-2020-10712Apr 22, 2020risk 0.00cvss —epss 0.01
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The…
- CVE-2019-14819Jan 7, 2020risk 0.00cvss —epss 0.01
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges…
- CVE-2019-10176Aug 2, 2019risk 0.00cvss —epss 0.01
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use…
- CVE-2019-10165Jul 30, 2019risk 0.00cvss —epss 0.00
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.
- CVE-2019-3889Jul 11, 2019risk 0.00cvss —epss 0.01
A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to…
- CVE-2019-10150Jun 12, 2019risk 0.00cvss —epss 0.01
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.
Page 4 of 5