3.10

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-14	CVE-2020-27833	Link Following vulnerability in Redhat Openshift Container Platform A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. network high complexity redhat CWE-59	7.1
2020-04-22	CVE-2020-10712	Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform version 4.1 and later. network low complexity redhat	8.2
2020-01-07	CVE-2019-14819	Unspecified vulnerability in Redhat Openshift Container Platform 3.10/3.11 A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. network low complexity redhat	8.8
2019-10-17	CVE-2019-11253	XML Entity Expansion vulnerability in multiple products Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. network low complexity kubernetes redhat CWE-776	7.5
2019-08-29	CVE-2019-11249	Path Traversal vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. network low complexity kubernetes redhat CWE-22	6.5
2019-08-29	CVE-2019-11247	Incorrect Authorization vulnerability in multiple products The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. network low complexity kubernetes redhat CWE-863	8.1
2019-08-13	CVE-2019-9514	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. network low complexity apple apache debian canonical synology fedoraproject opensuse redhat oracle mcafee netapp f5 nodejs CWE-770	7.5
2019-07-30	CVE-2019-10165	Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. local low complexity redhat CWE-532	2.3
2019-07-11	CVE-2019-3889	Unspecified vulnerability in Redhat Openshift Container Platform A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. network low complexity redhat	5.4
2019-06-12	CVE-2019-10150	Unspecified vulnerability in Redhat Openshift Container Platform It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. network high complexity redhat	5.9