Vulnerabilities > Redhat > Openshift Container Platform > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-14 | CVE-2020-27833 | Link Following vulnerability in Redhat Openshift Container Platform A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. | 7.1 |
| 2020-07-13 | CVE-2020-14298 | Improper Check for Dropped Privileges vulnerability in multiple products The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. | 8.8 |
| 2020-04-22 | CVE-2020-10712 | Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform version 4.1 and later. | 8.2 |
| 2019-07-30 | CVE-2019-10165 | Information Exposure vulnerability in Redhat Openshift Container Platform OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. | 2.1 |
| 2019-04-01 | CVE-2019-3876 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Openshift Container Platform A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. | 6.3 |
| 2018-09-06 | CVE-2018-14632 | Out-of-bounds Write vulnerability in multiple products An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. | 7.7 |
| 2018-07-02 | CVE-2018-10843 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. | 9.0 |
| 2018-06-15 | CVE-2018-1085 | Improper Authentication vulnerability in Redhat Openshift Container Platform openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. | 10.0 |
| 2018-06-12 | CVE-2018-1070 | Improper Input Validation vulnerability in Redhat Openshift Container Platform routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. | 5.0 |