Vendor CVEs
Openshift
All CVEs
41 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1085 | Cri | 0.59 | 9.0 | 0.02 | Jun 15, 2018 | openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being… | ||
| CVE-2024-45496 | Cri | 0.57 | 9.9 | 0.01 | Sep 17, 2024 | A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to… | ||
| CVE-2024-7387 | Cri | 0.52 | 9.1 | 0.02 | Sep 17, 2024 | A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the… | ||
| CVE-2024-6508 | Hig | 0.52 | 8.0 | 0.01 | Aug 21, 2024 | An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows… | ||
| CVE-2024-25133 | Hig | 0.50 | 8.8 | 0.00 | Dec 31, 2024 | A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod. | ||
| CVE-2024-25131 | Hig | 0.50 | 8.8 | 0.01 | Dec 19, 2024 | A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can… | ||
| CVE-2024-45497 | Hig | 0.49 | 7.6 | 0.01 | Dec 31, 2024 | A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from… | ||
| CVE-2025-2241 | Hig | 0.46 | 8.2 | 0.00 | Mar 17, 2025 | A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision… | ||
| CVE-2026-10609 | mod | 0.44 | 6.8 | 0.00 | Jun 23, 2026 | openshift/cluster-logging-operator: Cluster Logging Operator creates and forwards ServiceAccount tokens without verifying CLF creator authorization | ||
| CVE-2024-1139 | Hig | 0.43 | 7.7 | 0.01 | Apr 25, 2024 | A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret. | ||
| CVE-2026-10101 | Med | 0.41 | 6.3 | 0.00 | May 29, 2026 | ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover… | ||
| CVE-2026-7163 | Med | 0.40 | 6.1 | 0.00 | Apr 30, 2026 | A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters… | ||
| CVE-2025-14443 | Med | 0.35 | 6.4 | 0.00 | Dec 16, 2025 | A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range… | ||
| CVE-2024-6538 | Med | 0.34 | 5.3 | 0.01 | Nov 25, 2024 | A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't… | ||
| CVE-2015-8945 | Med | 0.33 | 5.1 | 0.00 | Aug 5, 2016 | openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | ||
| CVE-2024-7631 | Med | 0.28 | 4.3 | 0.00 | Mar 19, 2025 | A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath… | ||
| CVE-2024-25132 | Med | 0.28 | 4.3 | 0.00 | Mar 19, 2025 | A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the… | ||
| CVE-2016-8651 | Low | 0.20 | 3.1 | 0.01 | Aug 1, 2018 | An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained… | ||
| CVE-2019-11354 | 0.06 | — | 0.23 | Apr 19, 2019 | The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for… | |||
| CVE-2019-12828 | 0.04 | — | 0.13 | Jun 14, 2019 | An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt… | |||
| CVE-2026-28677 | 0.00 | — | 0.00 | Mar 6, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks… | |||
| CVE-2026-28676 | 0.00 | — | 0.00 | Mar 6, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection… | |||
| CVE-2026-28675 | 0.00 | — | 0.00 | Mar 6, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token… | |||
| CVE-2026-27189 | 0.00 | — | 0.00 | Feb 21, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or… | |||
| CVE-2026-27170 | 0.00 | — | 0.00 | Feb 20, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing… | |||
| CVE-2026-27169 | 0.00 | — | 0.00 | Feb 20, 2026 | OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can… | |||
| CVE-2024-50311 | 0.00 | — | 0.01 | Oct 22, 2024 | A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing… | |||
| CVE-2024-7079 | 0.00 | — | 0.00 | Jul 24, 2024 | A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to… | |||
| CVE-2023-1260 | 0.00 | — | 0.02 | Sep 24, 2023 | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a… | |||
| CVE-2023-0229 | 0.00 | — | 0.01 | Jan 25, 2023 | A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2… | |||
| CVE-2021-4294 | 0.00 | — | 0.01 | Dec 28, 2022 | A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is… | |||
| CVE-2022-0552 | 0.00 | — | 0.01 | Apr 11, 2022 | A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects… | |||
| CVE-2020-1761 | 0.00 | — | 0.01 | May 27, 2021 | A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions… | |||
| CVE-2021-20198 | 0.00 | — | 0.02 | Feb 23, 2021 | A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker… | |||
| CVE-2020-10752 | 0.00 | — | 0.01 | Jun 12, 2020 | A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked… | |||
| CVE-2019-19741 | 0.00 | — | 0.01 | Feb 20, 2020 | Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service… | |||
| CVE-2019-14854 | 0.00 | — | 0.01 | Jan 7, 2020 | OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an… | |||
| CVE-2019-19248 | 0.00 | — | 0.00 | Dec 12, 2019 | Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). | |||
| CVE-2019-19247 | 0.00 | — | 0.00 | Dec 12, 2019 | Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). | |||
| CVE-2014-0163 | 0.00 | — | 0.02 | Dec 11, 2019 | Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | |||
| CVE-2014-0023 | 0.00 | — | 0.00 | Nov 15, 2019 | OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution |
- risk 0.59cvss 9.0epss 0.02
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being…
- risk 0.57cvss 9.9epss 0.01
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to…
- risk 0.52cvss 9.1epss 0.02
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the…
- risk 0.52cvss 8.0epss 0.01
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows…
- risk 0.50cvss 8.8epss 0.00
A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.
- risk 0.50cvss 8.8epss 0.01
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can…
- risk 0.49cvss 7.6epss 0.01
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from…
- risk 0.46cvss 8.2epss 0.00
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision…
- risk 0.44cvss 6.8epss 0.00
openshift/cluster-logging-operator: Cluster Logging Operator creates and forwards ServiceAccount tokens without verifying CLF creator authorization
- risk 0.43cvss 7.7epss 0.01
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
- risk 0.41cvss 6.3epss 0.00
ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `InfraEnv` objects and recover…
- risk 0.40cvss 6.1epss 0.00
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters…
- risk 0.35cvss 6.4epss 0.00
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range…
- risk 0.34cvss 5.3epss 0.01
A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't…
- risk 0.33cvss 5.1epss 0.00
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
- risk 0.28cvss 4.3epss 0.00
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath…
- risk 0.28cvss 4.3epss 0.00
A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the…
- risk 0.20cvss 3.1epss 0.01
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained…
- CVE-2019-11354Apr 19, 2019risk 0.06cvss —epss 0.23
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for…
- CVE-2019-12828Jun 14, 2019risk 0.04cvss —epss 0.13
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt…
- CVE-2026-28677Mar 6, 2026risk 0.00cvss —epss 0.00
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks…
- CVE-2026-28676Mar 6, 2026risk 0.00cvss —epss 0.00
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection…
- CVE-2026-28675Mar 6, 2026risk 0.00cvss —epss 0.00
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token…
- CVE-2026-27189Feb 21, 2026risk 0.00cvss —epss 0.00
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or…
- CVE-2026-27170Feb 20, 2026risk 0.00cvss —epss 0.00
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing…
- CVE-2026-27169Feb 20, 2026risk 0.00cvss —epss 0.00
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can…
- CVE-2024-50311Oct 22, 2024risk 0.00cvss —epss 0.01
A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing…
- CVE-2024-7079Jul 24, 2024risk 0.00cvss —epss 0.00
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to…
- CVE-2023-1260Sep 24, 2023risk 0.00cvss —epss 0.02
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a…
- CVE-2023-0229Jan 25, 2023risk 0.00cvss —epss 0.01
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2…
- CVE-2021-4294Dec 28, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is…
- CVE-2022-0552Apr 11, 2022risk 0.00cvss —epss 0.01
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects…
- CVE-2020-1761May 27, 2021risk 0.00cvss —epss 0.01
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions…
- CVE-2021-20198Feb 23, 2021risk 0.00cvss —epss 0.02
A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker…
- CVE-2020-10752Jun 12, 2020risk 0.00cvss —epss 0.01
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked…
- CVE-2019-19741Feb 20, 2020risk 0.00cvss —epss 0.01
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service…
- CVE-2019-14854Jan 7, 2020risk 0.00cvss —epss 0.01
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an…
- CVE-2019-19248Dec 12, 2019risk 0.00cvss —epss 0.00
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).
- CVE-2019-19247Dec 12, 2019risk 0.00cvss —epss 0.00
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).
- CVE-2014-0163Dec 11, 2019risk 0.00cvss —epss 0.02
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
- CVE-2014-0023Nov 15, 2019risk 0.00cvss —epss 0.00
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution