Vulnerabilities > Redhat > Openshift

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2024-1485 Path Traversal vulnerability in multiple products
A flaw was found in the decompression function of registry-support.
network
low complexity
redhat devfile CWE-22
critical
9.3
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-01-26 CVE-2023-0229 Unspecified vulnerability in Redhat Openshift 4.11/4.12
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
network
low complexity
redhat
6.3
2023-01-17 CVE-2023-0296 Unspecified vulnerability in Redhat Openshift 4.11
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component.
network
low complexity
redhat
5.3
2022-12-09 CVE-2022-3259 Unspecified vulnerability in Redhat Openshift 4.9
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
network
high complexity
redhat
7.4
2022-12-08 CVE-2022-3260 Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Openshift 4.9
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack..
network
low complexity
redhat CWE-1021
4.8
2022-12-08 CVE-2022-3262 Insecure Default Initialization of Resource vulnerability in Redhat Openshift 4.9
A flaw was found in Openshift.
network
low complexity
redhat CWE-1188
8.1
2022-10-19 CVE-2013-4253 Exposure of Resource to Wrong Sphere vulnerability in Redhat Openshift 1.0
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
network
low complexity
redhat CWE-668
7.5
2022-10-19 CVE-2013-4281 Unspecified vulnerability in Redhat Openshift 1.0
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
local
low complexity
redhat
5.5
2022-10-17 CVE-2017-7517 Unspecified vulnerability in Redhat Openshift 3.0
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift.
network
low complexity
redhat
3.5